OPEN SOURCE YEARBOOK 2016

...... OPENSOURCE.COM

Opensource.com publishes stories about creating, adopting, and sharing open source solutions. Visit Opensource.com to learn more about how the open source way is improving technologies, education, business, government, health, law, entertainment, humanitarian efforts, and more.

Submit a story idea: https://opensource.com/story

Email us: [email protected]

Chat with us in Freenode IRC: #opensource.com

. Open Source Yearbook 2016 . Opensource.com 3 ...... AUTOGRAPHS ...... AUTOGRAPHS ...... OPENSOURCE.COM......

...... WRITE FOR US ......

7 big reasons to contribute to Opensource.com:

Career benefits: “I probably would not have gotten my most recent job if it had not been for my articles on 1 Opensource.com.”

Raise awareness: “The platform and publicity that is available through Opensource.com is extremely 2 valuable.”

Grow your network: “I met a lot of interesting people after that, boosted my blog stats immediately, and 3 even got some business offers!”

Contribute back to open source communities: “Writing for Opensource.com has allowed me to give 4 back to a community of users and developers from whom I have truly benefited for many years.”

Receive free, professional editing services: “The team helps me, through feedback, on improving my 5 writing skills.”

We’re loveable: “I love the Opensource.com team. I have known some of them for years and they are 6 good people.” 7 Writing for us is easy: “I couldn't have been more pleased with my writing experience.”

Email us to learn more or to share your feedback about writing for us: https://opensource.com/story Visit our Participate page to more about joining in the Opensource.com community: https://opensource.com/participate Find our editorial team, moderators, authors, and readers on Freenode IRC at #opensource.com: https://opensource.com/irc ...... FOLLOW US ......

Twitter @opensourceway: https://twitter.com/opensourceway Google+: https://plus.google.com/+opensourceway Facebook: https://www.facebook.com/opensourceway Instagram: https://www.instagram.com/opensourceway IRC: #opensource.com on Freenode

All lead images by Opensource.com or the author under CC BY-SA 4.0 unless otherwise noted. . 6 Open Source Yearbook 2016 . Opensource.com FROM THE EDITOR ......

Dear Open Source Yearbook reader,

In 2015, Opensource.com published the first Open Source Yearbook [1], a collaboration with open source communities to collect a diverse range of stories from the year. Thanks to contributions from more than 25 writers, the 2016 edition is even bigger and highlights more than 100 organizations, projects, technologies, and events. Here are a few of the many individuals who help create the 2016 Open Source Yearbook: • Anderson Silva–Release Engineer in IT at Red Hat • Anna Morrow–Marketing Manager at No Starch Press • Ben Cotton–Meteorologist, high-performance computing engineer, technical evangelist at Cycle Computing, and Opensource.com community moderator • D Ruth Bavousett–Perl Developer at cPanel and Opensource.com community moderator • Daniel J Walsh–Leads the RHEL Docker enablement team • David Both–Linux and open source advocate, Opensource.com community moderator • Gordon Haff–Red Hat’s cloud evangelist • Greg Kroah-Hartman–Linux kernel maintainer and a Linux Foundation fellow • Jason Baker–Technical editor and SEO specialist on Opensource.com • Jen Wike Huger–Opensource.com content manager • Jeremy Garcia–Founder of LinuxQuestions.org and Opensource.com community moderator • Jono Bacon–Community manager, speaker, author, podcaster, consultant, and Opensource.com community moderator • Josh Simmons–Community organizer and short stack web developer who works on the Google open source outreach team and sits on the OSI board of directors • Libby Clark–Digital Content Editor at The Linux Foundation • Máirín Duffy–Principal Interaction Designer at Red Hat • Nithya A. Ruff–Director of Western Digital’s Open Source Office, Opensource.com community moderator • Paul Brown–Tech journalist and editor • Rachel Roumeliotis–Strategic Content Director at O’Reilly Media, Inc., and a Programming Chair of OSCON, O’Reilly’s Software Architecture Conference, and Fluent • Rich Bowen–Community Liaison for the RDO project, which is a packaging of OpenStack for CentOS/Fedora/RHEL • Richard Fontana–Senior Commercial Counsel on the Products and Technologies team at Red Hat • Richard Gall–Copywriter, Content Strategist, and Communications Manager at Packt • Robin Muilwijk–Advisor Internet and e-Government, and Opensource.com community moderator • Ruth Suehle–Community leadership manager for Red Hat’s Open Source and Standards team • Scott Nesbitt–Writer, technology coach, and Opensource.com community moderator • Seth Kenlon–Multimedia artist, technical writer, and former Opensource.com community moderator • Shaun McCance–Community Documentation Liaison at Red Hat • Shawn Powers–Associate editor for Linux Journal and IT trainer for CBT Nuggets • Susan Conant–Supervising Editor, Programming, O’Reilly Media, Inc. • Tom Callaway–Education Outreach team lead at Red Hat Thank you to everyone who contributed to the 2016 Open Source Yearbook, and to the communities who helped create, document, evangelize, and share open source technologies and methodologies throughout the year.

Best regards, Rikki Endsley Opensource.com community manager

[1] https://opensource.com/yearbook/2015 . Open Source Yearbook 2016 . Opensource.com 7 CONTENTS ......

...... WORKING...... 5 initiatives that pushed the free software 25 things to love about Linux Jen Wike Huger 10 envelope in Europe in 2016 Paul Brown 26 Linux turned 25 years old in 2016, so we asked our readers Take a tour of top free software news from Russia, Bulgaria, what they love about Linux. The Netherlands, Germany, and the EU in 2016. 4 hot skills for Linux pros in 2017 Shawn Powers 10 open source tools for your sysadmin toolbox 27 Which in-demand skills are you brushing up on in the 12 Ben Cotton new year? Sysadmins don’t lack for options when it comes to great Hot programming trends in 2016 Rachel Roumeliotis open source software tools. We look at a few favorites. 28 Take a look at the year’s hottest languages for AI projects and 7 notable legal developments in open source containers, new languages, and more programming trends. 14 in 2016 Richard Fontana 50 ways to avoid getting hacked in 2017 Learn about a few of the many open source-related legal 30 Daniel J Walsh developments that made headlines in 2016. Paul Simon rounded up 50 ways to leave a lover, and we Troubleshooting tips for the 5 most common round up 50 ways to secure your systems. 18 Linux issues Jeremy Garcia Learn how to tackle the most common challenges Linux desktop users encounter. Best Couple of 2016 What’s new in OpenStack in 2016: A look at the Display manager and 20 Newton release Rich Bowen We round up a few of the many notable updates in the window manager latest OpenStack release. DAVID BOTH Why the operating system matters even more Our pick for Best Couple this year is actually a 23 in 2017 Gordon Haff 34 pair of program types—not specific commands Operating systems don’t quite date back to the beginning of or programs. computing, but expect them to be around a long time to come...... COLLABORATING......

10 steps to innersource in your organization Top 10 Linux news stories of 2016 Scott Nesbitt 37 in 2017 Jono Bacon 48 The past year was packed with Linux anniversaries and Is your company planning to implement innersource concepts announcements. See which ones made our top 10 list. in 2017? We walk through steps for getting started. 2016 Hacktoberfest ignites open source 7 cool little open source projects that stood out 51 participation Ben Cotton 40 in 2016 D Ruth Bavousett Registration was up more than 97% over 2015. We look at a few innovative open source projects that stood Open source diversity efforts gain momentum out in 2016. 55 in 2016 Nithya Ruff 9 lessons from 25 years of Linux kernel Efforts to increase diversity in open source aren’t new, but 44 development Greg Kroah-Hartman they are starting to show positive results. We look at the It may be many years before we fully understand the keys 2016 landscape. to the Linux kernel’s success, but there are a few lessons that stand out even now. Most Playful A tour of Google’s 2016 open source releases 46 Josh Simmons Top 7 Linux games of 2016 We look at 7 of the exciting open source projects Google ROBIN MUILWIJK rolled out in 2016. What were the hot Linux games of the 52 year? We pick a few favorites. . 8 Open Source Yearbook 2016 . Opensource.com ...... LEARNING...... Publisher’s picks: Top 2016 open source books 62 Rikki Endsley Most Likely to Succeed What were your favorite tech books of 2016: We round up a few hot releases. Top open source projects 8 fun Raspberry Pi projects to try Anderson Silva 66 We round up recent Pi projects for making a weather to watch in 2017 station, media center, security system, and more fun Pi JASON BAKER projects to try. Explore some of the fastest-growing new 80 open source projects of 2016 and learn why you might want to dig a little deeper Most Popular into each in the new year. Top 10 open source projects of 2016 JEN WIKE HUGER In our annual list of the year’s top open 58 source projects, we look back at popular projects our writers covered in 2016, plus CREATING...... favorites Opensource.com community ...... moderators picked. 5 trends in open source documentation 68 Shaun McCance Certain trends in tech documentation stand out. We round ...... up five top trends from 2016. OLD SCHOOL ...... 11 wonderful wearable open source projects 70 Ruth Suehle How Linux got to be Linux: Test driving 1993-2003 Browse through a few of our favorite open source 83 distros Seth Kenlon wearable projects from 2016, which feature 3D printing, Enjoy a trip down Linux memory lane as we take early Arduinos, and more. distros for a spin. Top open source creative tools in 2016 Compute like it’s 1989 Seth Kenlon 72 Máirín Duffy 88 Let’s look back at how people used to compute, back Whether you want to manipulate images, edit audio, or when a “desktop” computer was so called because it took animate stories, there’s a free and open source tool to do up 80% of your desktop. the trick. LinuxQuestions.org celebrates sweet 16 Jeremy Garcia Top open innovations in 3D printing Tom Callaway 92 The founder of LinuxQuestions.org looks back on the site’s 77 Open source continues to drive rapid innovation in the 3D humble beginnings and the years in between. printing industry.

6 7 Reasons to Write for Us / Follow Us 94 Call for Papers / Editorial Calendar

All lead images by Opensource.com or the author under CC BY-SA 4.0 unless otherwise noted. . Open Source Yearbook 2016 . Opensource.com 9 ...... WORKING......

initiatives that pushed the free software envelope in Europe in 2016 5 BY PAUL BROWN

tends to lag— 2. Amendments to Bulgarian’s Electronic Governance THE PUBLIC SECTOR some would say Act pave the way for free software drag—behind the private sector when it comes to adopting Moving a bit westward, and in a similar a vein as the Rus- new technologies. This is also true when it comes to adopt- sian law described above, Bulgaria amended its Electronic ing free software: Governance Act [2] Although companies to require that all widely see free tech- software written for nologies as a boon, the government be government organi- open source and zations often are still developed as such locked into propri- in a public reposi- etary software and tory (i.e., the Bul- work with closed garian government standards. is setting up its That said, some own GitHub). countries are mak- In his blog post ing progress mov- about the news, ing toward open Bozhidar Bozhan- source technolo- ov [3], advisor to gies. the Bulgarian Dep- uty Prime Minister 1. Bill makes free software a priority in the Russian and the person who engineered the hacking of the Bul- public sector garian law, says, “It means that whatever custom software The draft of the bill [1], approved by the Russian Federa- the government procures will be visible and accessible to tion’s State Duma (lower house) in mid-October, requires the everyone. After all, it’s paid by tax-payers money and they public sector prioritize free software over proprietary alterna- should both be able to see it and benefit from it.” tives, gives preference to local IT businesses that produce This is common sentiment, pushed hard by groups such free software for public tenders, and recognizes the need as the FSFE [4] (the Free Software Foundation [5]’s Euro- to encourage collaboration with the global network of free pean sister organization). In fact, European governments software organizations and communities. adopting free software has become a bit of a trend in re- The bill is intended to reduce the dependency of the cent years. EU directives that require more transparen- Russian public sector on non-Russian proprietary vendors, cy in procurements often make adopting free licenses for boost the local IT industry, and increase collaboration with software made by or for the public administration the only free software organizations and communities. viable option. . 10 Open Source Yearbook 2016 . Opensource.com 3. The Netherlands moves toward adopting open you need to connect your alternative router to use the Inter- standards net and telephone network. The Netherlands is taking steps toward making the use of open standards [6] mandatory for public administrations Open progress in the Netherlands. A law [7] proposed by Dutch MP Astrid The public sector does things at its own, often glacial, pace. Oosenbrug [8] was adopted by the lower house of the par- Although there have been bold steps toward adopting free soft- liament in October and goes into effect in 2017. Oosenbrug ware, often the steps are tiny. That said, the trend is toward says the minister earlier agreed to make open standards open: Data generated by public organizations is opening mandatory. “Ironically, the lower house published the adopt- up, open standards are being adopted, and free software is ed law on its website by providing a download link to a doc- making its way onto publicly owned servers and workstations. ument in a proprietary format,” Oosenbrug adds. The upper Hopefully the trend will continue—and accelerate—in 2017. house, on the other hand, uses the Open Document Format, an ISO standard. Baby steps, I guess. Resources [1] http://www.bloomberg.com/news/articles/2016-10-05/ 4. Members of the European Parliament vote for more russia-weighs-replacing-ibm-microsoft-with-open-source- free software in the public sector software The supranational organizations at the heart of the Euro- [2] https://thepolicy.us/bulgaria-got-a-law-requiring-open- pean Union are also updating their regulations. In Janu- source-98bf626cf70a#.pg42r65iq ary, the European Parliament adopted an initiative [9] that [3] https://twitter.com/bozhobg?lang=en should bolster the adoption of free software within the EU’s [4] https://fsfe.org/index.en.html public sector. [5] http://www.fsf.org/ The initiative requires the European Commission “better [6] https://opensource.com/resources/what-are-open- promote the security advantages of open source software standards upgrades to users” and “increase the share of free and open [7] https://joinup.ec.europa.eu/community/osor/news/nl-parlia- source software and its reuse in and between public admin- ment-makes-open-standards-mandatory istrations as a solution to increase interoperability.” [8] https://twitter.com/astridoosenbrug?lang=en The initiative, however, was overshadowed by the fact that [9] http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-// it also considers licensing standard and essential patents EP//NONSGML+TA+P8-TA-2016-0009+0+DOC+PD- under FRAND (fair, reasonable, and non-discriminatory) li- F+V0//EN censes “in order to preserve R&D and standardization [10] https://fsfe.org/news/2016/news-20160128-01.en.html incentives and foster innovation.” (As the FSFE points out in [11] https://fsfe.org/activities/os/why-frand-is-bad-for-free-soft- its analysis of the initiative [10], FRAND licenses are bad for ware.en.html free software [11].) [12] https://fsfe.org/news/2016/news-20160725-01.en.html All of the above is well and good, but if you’re not work- ing in or with the public sector, it all seems a bit remote. Author What about laws that favor the end user? Well, completely Paul Brown has worked as a tech journalist, specializing out of the left field, comes this law that they passed in in Internet trends and free software, for about 20 years. Germany: He started writing for the Spanish counter-cultural/hacker magazine @RROBA in 1996, and from there moved on as 5. Germany forbids “compulsory routers” writer, editor, and later, editor-in-chief for Linux Magazine Until recently, Internet service providers (ISPs) in Germany Spain, Android User Spain, Ubuntu User Spain and Ubuntu decided which router users had to use to connect to the In- User International. He has also contributed articles to Linux ternet. Users had no say in which devices they had to pay for Magazine International, Raspberry Pi Geek, and many other and install in their homes. publications. He spends his free time as This changed on August 1. A new law [12] allows users a volunteer teacher, teaching about open choose the device that gets installed in their homes. Clients hardware to school children and writing of German ISPs are now allowed by law to use any terminal fiction and scripts for short films and TV device they choose. Regardless of whether it is a DSL or shows that never get made. Find Paul on cable connection, the ISP will have to supply the information Twitter: @linux_spain

. Open Source Yearbook 2016 . Opensource.com 11 ...... WORKING......

open source tools for 10your sysadmin toolbox BY BEN COTTON

no matter what platforms they Vim SYSADMINS, work on, are awash in great Just because the Windows/Linux battle has been laid to rest, open source software tools. In this article, I highlight well- that doesn’t mean the editor wars are over, too. The vener- known—and not-so-well-known—tools that released new able Vim [3] editor, which celebrated its 25th birthday [4] in versions in 2016. November, is still under active development. This year saw the release of version 8, the first major release in a decade. Windows subsystem for Linux Vim 8 brings features such as support for GTK+ 3 and Di- ”Microsoft loves Linux” has been a constant refrain from rectX, asynchronous I/O for plugins, and jobs. Redmond lately. With the announcement of the Windows Subsystem for Linux [1] (WSL) in the spring, this sentiment Git has become evident in a way never before seen. More Versioning is important for your scripts, your text files, and of than just an emulation layer, WSL allows Windows users course your infrastructure-as-code. The Git version control to run a real Ubuntu userspace. This includes the bash system [5] release version 2.10, which comes with a slew shell and utilities of handy new fea- like sed, awk, and tures. New color grep. Linux sysad- controls allow, for mins who have to example, git diff parse log files oc- output to strike- casionally on Win- through removed dows servers will lines. Improved love this feature. GPG signing for tags and com- PowerShell for mits is included, Linux too. Pushes now Of course, some show progress for sysadmins primar- remote post-re- ily work on Win- ceive operations. dows and have to And for those switch to Linux oc- forward-thinking casionally. To help users, the internal those folks, Microsoft dropped another bomb [2] over the date formatting can now handle dates beyond the year 2100. summer: PowerShell is now open source (under the MIT license) and ported to Linux. With these two announce- GitLab ments, will we remember 2016 as the year the long-stand- Git is nice on its own, but it’s even better with a workflow ing battle between Microsoft and open source communities system. GitLab [6] released version 8.11 this summer, which finally came to a complete and total end? includes a killer feature: Issue boards. Now issues can be . 12 Open Source Yearbook 2016 . Opensource.com visually tracked on a Kanban-style system native to GitLab. ing improvement mean that sysadmins can install Kuber- This is great for planning your infrastructure sprints without netes with their favorite package managers, such as yum having to rely on an external tool. The other major feature in and apt-get. 8.11 is the ability to manage and resolve basic merge errors directly from the GitLab web interface. Nextcloud Early this summer, a group of ownCloud developers (including SystemRescueCD a co-founder) forked the project to create Nextcloud [13]. Less Computers are cruel, and they sometimes wind up in a bad than two weeks later, they published their first major release. state to torment their sysadmins. Many sysadmins carry a Nextcloud 10 is the second release since the fork and con- CD or USB disk with tools that help recover those machines. tains many new features. A new app allows for managing SystemRescueCD [7] is an actively developed toolset for file retention policies. Improvements to the authentication those cases. A regular Swiss Army knife, SystemRescueCD system allow for automatic revocation of users with disabled is a bootable Linux distribution with tools for testing hard- LDAP accounts, user session revocation, a two-factor au- ware, partitioning drives, and recovering data. Versions 4.8 thentication plugin system and more. and 4.9 were released in 2016, bringing updates to a variety Did I leave your favorite open source tool for sysadmins of components, including updated filesystem tools for the ext off the list? family and BTRFS. Resources Clonezilla [1] https://blogs.msdn.microsoft.com/wsl/2016/04/22/win- Sometimes the best thing to do is to reimage a machine. dows-subsystem-for-linux-overview/ Clonezilla [8] is the de facto standard for deploying disk im- [2] https://azure.microsoft.com/en-us/blog/powershell-is-open- ages. The latest release adds support for detecting volumes sourced-and-is-available-on-linux/ encrypted with Windows bitlocker. A number of point releas- [3] http://www.vim.org/ es over the past year have kept Clonezilla tightly tracked to [4] https://opensource.com/life/16/11/happy-birthday-vim-25 the upstream Debian distribution and improved EFI support, [5] https://git-scm.com/ along with a wide array of bug fixes. [6] https://about.gitlab.com/ [7] https://www.system-rescue-cd.org/ Docker [8] http://clonezilla.org/ Docker continued with its active container technology de- [9] https://www.docker.com/ velopment in 2016. Docker [9] 1.12 added swarm mode: A [10] https://blog.docker.com/2016/09/dockerforws2016/ way to manage a self-healing, self-organizing group. In or- [11] https://blog.docker.com/2016/09/docker-microsoft-partner- der to provide this, a health check mechanism was added. ship/ This framework allows for service-aware determination of [12] http://kubernetes.io/ when a container is healthy. Another noteworthy event was [13] https://nextcloud.com/ the announcement that Docker containers could run natively on Windows [10] as part of a partnership between Docker Author and Microsoft that provides enterprise support for Docker on Ben Cotton is a meteorologist by training and a high-perfor- Windows [11]. mance computing engineer by trade. Ben works as a tech- nical evangelist at Cycle Computing. He is a Fedora user Kubernetes and contributor, co-founded a local open Speaking of containers, Kubernetes [12] 1.4 added more source meetup group, and is a member container management features in 2016. Clusters can of the Open Source Initiative and a sup- now be created with only two commands. A dashboard UI porter of Software Freedom Conservancy. provides 90% feature parity with the command-line tools Find him on Twitter (@FunnelFiasco) or at for easier reporting and quick status awareness. Packag- FunnelFiasco.com.

. Open Source Yearbook 2016 . Opensource.com 13 ...... WORKING......

notable legal developments in open source in 2016 7 BY RICHARD FONTANA

of interesting and notable legal de- of relevant open source platforms centered around Java A NUMBER velopments in open source took development. Oracle leads the OpenJDK project, in which place in 2016. These seven legal news stories stood out: the APIs at issue in this case, if we regard them as copy- rightable, are licensed under GPLv2 along with the Class- 1. Victory for Google on fair use in Java API case path Exception [4]. The Android platform, which does not In 2012 the jury in the first Oracle v. Google trial found that implement all Java core library APIs, is licensed mostly Google’s inclusion of Java core library APIs in Android in- under the Apache License 2.0. Its Java core library API fringed Oracle’s copyright. The district court overturned [1] implementations were generally taken from the Apache the verdict, holding that the APIs as such were not copyright- Harmony [5] project, which began as a pre-OpenJDK ef- able (either as individual method declarations or their “struc- fort to develop an open source Java runtime. Late last ture, sequence and organization” [SSO]). The Court of Appeals year Google confirmed [6] that Android Nougat would for the Federal Circuit, applying 9th Circuit law, reversed [2], use GPL-licensed [7] class library code from OpenJDK in holding that the “declaring code and the [SSO] of the 37 place of the Apache Harmony code. Java API packag- es are entitled to 2. Censure copyright protec- of Patrick tion.” The U.S. Su- McHardy preme Court de- Since 2014 there clined to review the have been rumors case, and in 2016 of GPL enforce- a closely watched ment lawsuits be- second trial was ing brought against held on Google’s many companies defense of fair in Germany by use. In May 2016 Patrick McHardy, the jury returned a a Linux kernel de- unanimous verdict veloper who was in favor of Google. formerly the chair As Jeff Kaufman of the Netfilter [8] Image by: Internet Archive Book Images. Modified by Opensource.com. CC BY-SA 4.0 explains [3], the core team. There is verdict does not change the appellate ruling concerning API some discussion of the McHardy litigation in a recent Black copyrightability, which, however, has limited precedential Duck/DLA Piper slide deck [9]. significance. Fair use involves a highly fact-specific determi- Until 2016 there has been something of a taboo on open nation, and the verdict has no obvious broader legal signifi- discussion of the McHardy lawsuits. This ended on July cance. Nonetheless the result was a clear victory for Google. 18th, when the Netfilter project announced [10] that it would Oracle has filed an appeal. “suspend” McHardy from the Netfilter core team, the first Although Oracle v. Google is not a “case about open such action it had ever taken, because “severe allegations source” per se, it is notable that both sides are stewards have been brought forward against the style of his license . 14 Open Source Yearbook 2016 . Opensource.com enforcement activities.” Although the core team had no first- 4. U.S. government announces Federal Source hand evidence for the allegations, which were consistent Code Policy and came from “trusted sources,” they noted that despite In August the U.S. government’s Office of Management and many attempts to reach McHardy he did not respond. The Budget announced the Federal Source Code Policy [15]. The announcement was made in the name of the core team policy is aimed at reducing the problem of duplicative acqui- members, including emeritus member Harald Welte, who is sition of substantially similar code by agencies and ensuring well known for bringing a series of successful GPL enforce- that new custom-developed federal source code be made ment lawsuits in Germany. broadly available for reuse across the federal government. A few weeks earlier, the Netfilter core team published a Mark Bohannon has written an article [16] on the policy. statement [11] officially endorsing the Principles of Commu- The Federal Source Code Policy establishes a three-year nity-Oriented GPL Enforcement [12], which were released by pilot program that requires agencies (with some exclusions) the Software Freedom Conservancy and the FSF in 2015. to release at least 20% of new custom-developed software as The core team stated that “license enforcement is a nec- open source each year. The policy recognizes open source essary tool to ensure all parties adhere to the same set of as a means of enabling continual improvement resulting fair rules as set forth by the license,” but then, presumably from improvements to the software by the broader communi- alluding to McHardy, declared that “any enforcement action ty. The policy also announced the launch of code.gov [17], a should always be focused on compliance, never prioritize “discoverability portal” for custom-developed code, including financial gain, never settle for less than compliance and code released as open source under the policy. consider legal action in court only as a last resort.” In the The Federal Source Code Policy is notable for placing em- July 18th announcement of McHardy’s suspension, the core phasis on adhering to proper standards for open develop- team said that McHardy “continues to be welcome in the ment as well as open source licensing. Agencies releasing project as soon as he is able to address the allegations and/ open source code are directed to do so in a manner that or co-sign the [Conservancy/FSF Principles] in terms of any encourages engagement with existing communities, fos- future enforcement activities.” ters growth of new communities, and facilitates contribution The next day, Karen Sandler and Bradley Kuhn of the both by the community to the federal code and by federal Software Freedom Conservancy published a blog post [13] employees and contractors to upstream projects. Agencies addressing the subject of McHardy. They revealed that Con- must also ensure that their open source repositories include servancy had engaged in largely unsuccessful attempted enough information to enable reuse and participation by third communications with McHardy for two years. Conservancy parties, including details on licensing. encouraged McHardy to co-draft the Principles with them and later invited him to endorse the Principles after they 5. Moglen steps down as FSF general counsel were published, but received no response from him. Sandler The Free Software Foundation announced [18] in October and Kuhn denounced McHardy for apparently refusing to en- 2016 that Eben Moglen had “stepped down” as general dorse the Principles and failing to publicly justify his conduct counsel to the FSF. Moglen, who is president of the Software of GPL enforcement. Freedom Law Center and a law professor at Columbia, has been one of the most influential lawyers in free software. His 3. Hellwig lawsuit dismissed career in free software has been closely associated in the In 2015 Linux kernel developer Christoph Hellwig brought public mind with the FSF, for which he provided pro bono a copyright infringement suit against VMware in a German legal representation for 23 years. I expect both Moglen and district court, alleging violation of the GPL in VMware’s ESXi the FSF to remain as engaged as ever in matters of free product. Hellwig’s legal expenses were funded by the Soft- software legal policy, but likely with more instances of public ware Freedom Conservancy. The Hellwig lawsuit attracted disagreement or conflicting opinions. significant attention because it is apparently the first litigat- ed GPL compliance case that centers on the scope of the 6. Debian and Ubuntu ship ZFS GPL’s copyleft requirement, sometimes thought of as the In the mid-2000s Sun Microsystems released its ZFS filesys- “derivative work” issue. tem as part of OpenSolaris, licensed under the weak copyleft In July 2016, as Scott Peterson has reported [14], the CDDL [19]. Efforts to port ZFS to Linux were inhibited for court dismissed the case, concluding that Hellwig had many years by legal concerns, including concerns about li- failed to identify in the VMware product the specific lines cense conflicts between GPLv2 and CDDL. In recent years of code in which he owned copyright. The court discussed the “ZFS on Linux” [20] project has encouraged Linux distri- the GPL issue, but it did not address the merits. The rul- butions to package its ZFS kernel module. ing has no precedential significance for other cases. In a Although packaging of ZFS in Debian was held up for brief statement, Hellwig announced that he would appeal some time by licensing concerns, in 2015 Debian Project the ruling. Leader Lucas Nussbaum revealed [21] that Debian had . Open Source Yearbook 2016 . Opensource.com 15 ...... WORKING......

received legal advice from the Software Freedom Law Cen- because the conduct falls within the spirit or the “equity” of ter concerning inclusion of ZFS in Debian, which he said the license. “should unblock the situation ... and enable us to ship [ZFS] In SFLC’s view, given the tension between the literal in Debian soon.” In January 2016, Nussbaum’s successor, and equitable interpretations of GPLv2, “the consensus of Neil McGovern, said [22] that ZFS would be included in the kernel copyright holders’ intention … determines which Debian as a DKMS package in source code form only, and mode of interpretation is to be employed.” Here, there was would be segregated in the “contrib” archive, which contains no conclusive or convincing evidence of what type of inter- packages that are not considered to be official Debian. pretation the kernel copyright holders intend. SFLC argued Ubuntu had included a source-only DKMS ZFS package that for as long as the kernel copyright holders choose not to for some time before Debian began doing so. In a blog object to Canonical’s distribution, it should be assumed that post in February, Canonical’s Dustin Kirkland announced the consensus of the kernel licensors is to support the equi- [23] that Ubuntu would begin shipping a binary ZFS kernel table interpretation. SFLC also pointed out that Canonical’s module. Following a flurry of debate over the GPL/CDDL potential liability exposure was negligible. issue, Kirkland said [24] in another blog post that Canonical Neil McGovern discussed his experience of the ZFS topic as had discussed the legal issues with Eben Moglen (presi- Debian Project Leader in a talk [28] at Debconf. Other notewor- dent of SFLC) and had concluded that distribution of the thy statements on the ZFS issue were made by Richard Stall- binary kernel module would be compliant with both GPLv2 man [29] and by Linux kernel developer James Bottomley [30]. and CDDL. Kirkland stressed that the ZFS module was “self Little has been said about the issue in recent months. contained” and was not a derivative work of the kernel, and the kernel was not a derivative work of ZFS. Kirkland also 7. Apache Software Foundation bans JSON argued that “[e]quivalent exceptions have existed for many license years, for various other stand-alone, self-contained, non- For some of us involved in open source legal matters, Doug- GPL kernel modules.” las Crockford’s JSON license [31] keeps turning up like a Shortly after Kirkland’s second blog post, the Software bad penny. The JSON license famously modifies the MIT li- Freedom Conservancy and SFLC published conflicting [25] cense by adding a sentence before the warranty disclaimer: analyses [26] of the legality of Canonical’s distribution. (For “The Software shall be used for Good, not Evil.” It is not clear those who don’t know: SFLC and Conservancy are indepen- whether Crockford intended the license purely as a joke, or dent organizations.) They agreed, however, on two basic as an oblique political statement, or both. Many who care points: (1) Debian’s distribution of a source-only module in about having a principled basis for classifying licenses as contrib was license compliant, and (2) loadable kernel mod- free, or open source, see the “Good, not Evil” clause as con- ules generally fall within the scope of the GPL copyleft on flicting with basic definitional norms that disallow field of use the kernel. restrictions and discrimination based on field of endeavor. Conservancy claimed to be speaking on its own behalf as Some have argued that the clause is not enforceable and a Linux kernel copyright assignee as well as on behalf of thus should not be taken seriously; however, the FSF, which kernel copyright holders participating in its GPL Compliance classifies the JSON license as non-free, argues [32] that it Project for Linux Developers [27]. In Conservancy’s view, cannot be presumed that the restriction is unenforceable. Canonical’s distribution of the binary kernel module violates Another objection to the license is that “Good” and “Evil” are GPLv2 and thus infringes copyright on the kernel. Conser- undefined and thus the scope of conduct that is allowed and vancy believes that derivative works involving GPL license prohibited is highly uncertain. incompatibilities with other free software licenses should The reason the JSON license is not a matter of complete b e subjected to the same legal analysis as GPL/proprietary obscurity is that Crockford has applied it to software that combinations. happens to have been widely adopted, including the tools According to SFLC, Canonical’s binary ZFS module JSLint [33] and JSMin [34] and the JSON Java [35] library must be regarded as licensed under GPLv2, since (“JSON-java”). Over the years Crockford has refused many CDDL allows binaries to be under any license and any other requests from developers to change the license, although interpretation would assume that Canonical was noncompli- he has boasted [36] of having granted special permission to ant with the GPL. Therefore, distribution of the ZFS binary IBM and “its customers, partners, and minions, to use JSLint module itself would not violate GPLv2; however, Canonical’s for evil.” otherwise compliant distribution of corresponding source For many years the Apache Software Foundation, known code for the ZFS kernel module and the Ubuntu kernel would for strict rules on licensing under which, for example, the “literally” violate GPLv2, because Canonical would be pro- GPL and LGPL are relegated to a forbidden “Category X,” viding the ZFS filesystem source code under CDDL. There [37] treated JSON-java as though it were in its most favored are good reasons for a community of copyright holders of “Category A” [38] (which contains noncopyleft licenses, such a GPL project not to object to this literal GPLv2 violation, as the Apache License 2.0 itself). Today several ASF proj- . 16 Open Source Yearbook 2016 . Opensource.com ects have dependencies under the JSON license. In Octo- [16] https://opensource.com/government/16/8/us-government-​ ber 2016, in a posting [39] to the ASF’s legal-discuss mailing releases-new-policy-free-code list, Ted Dunning called on the ASF to revisit its decision, [17] https://www.code.gov/ noting that the JSON license was “substantially hindering [18] https://www.fsf.org/news/fsf-announces-change-in-general-​ downstream adoption.” After discussion, Jim Jagielski, VP counsel of Legal Affairs for the ASF, declared [40] that “the license is [19] https://opensource.org/licenses/CDDL-1.0 NOT CatA and is NOT approved,” placing the JSON license [20] http://zfsonlinux.org/ in Category X. Jagielski later clarified [41] that no new use of [21] https://lists.debian.org/debian-devel-announce/2015/04/ the JSON license by an ASF project would be allowed, but msg00006.html some projects already using code under the license would [22] http://blog.halon.org.uk/2016/01/on-zfs-in-debian/ have a grace period of several months to transition to a [23] http://blog.dustinkirkland.com/2016/02/zfs-is-fs-for-containers-​ replacement. The issue was covered in a November 2016 in-ubuntu-1604.html LWN.net article [42]. [24] http://blog.dustinkirkland.com/2016/02/zfs-licensing-and-​ Because so many ASF projects have been widely ad- linux.html opted, the JSON license prohibition seems likely to have a [25] https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/ significant community impact in encouraging use of open [26] https://www.softwarefreedom.org/resources/2016/​ source alternatives to JSON-licensed software. linux-kernel-cddl.html [27] https://sfconservancy.org/linux-compliance/ Resources [28] http://bit.ly/2i4o7Q4 [1] https://opensource.com/law/12/6/oracle-v-google-and-​api-​ [29] https://www .fsf.org/licensing/zfs-and-linux copyrightability [30] http://blog.hansenpartnership.com/are-gplv2-and-cddl-in- [2] http://www.cafc.uscourts.gov/content/oracle-america-​inc-v- compatible/ google-inc-opinion [31] http://www.json.org/license.html [3] https://opensource.com/law/16/6/outcome-google-v-oracle- ​ [32] https://www.gnu.org/licenses/license-list.en.html#JSON good-open-source [33] https://github.com/douglascrockford/JSLint/blob/master/ [4] http://openjdk.java.net/legal/gplv2+ce.html jslint.js#L15 [5] https://harmony.apache.org/ [34] https://github.com/douglascrockford/JSMin/blob/master/ [6] http://venturebeat.com/2015/12/29/google-confirms-next- jsmin.c#L16 android-version-wont-use-oracles-proprietary-java-apis/ [35] https://github.com/stleary/JSON-java/blob/master/​ [7] https://android.googlesource.com/platform/ LICENSE#L13J libcore​/+/​ 29c2a3a52980b18ab26f860e9c​ - [36] http://dev .hasenj.org/post/3272592502/ibm-and-its-minions c712487881b081%5E%21/#F0 [37] https://www.apache.org/legal/resolved#category-x [8] http://netfilter.org/ [38] https://www .apache.org/legal/resolved#category-a [9] http://www.slideshare.net/blackducksoftware/litigation-​and- [39] http://bit.ly/2huuMhi compliance-in-the-open-source-ecosystem [40] http://bit.ly/2iFnysw [10] https://marc.info/?l=netfilter-devel&m= ​ [41] http://bit.ly/2huw8sr 146887464512702 [42] https://lwn.net/Articles/707510/ [11] https://www.netfilter.org/files/statement.pdf [12] https://sfconservancy .org/copyleft-compliance/principles.html Author [13] https://sfconservancy .org/blog/2016/jul/19/patrick-mchardy-​ Richard Fontana is Senior Commercial gpl-enforcement/ Counsel on the Products and Technolo- [14] https://opensource.com/law/16/8/gpl-enforcement-action- ​ gies team at Red Hat. Most of his work hellwig-v-vmware focuses on open source-related legal [15] https://sourcecode.cio.gov/ issues.

. Open Source Yearbook 2016 . Opensource.com 17 ...... WORKING......

Troubleshooting tips for the most common 5 Linux issues BY JEREMY GARCIA

installs ALTHOUGH LINUX and op- erates as expected for most users, inevitably some users will run into problems. For my fi- nal article in The Queue column for the year, I thought it would be interesting to summarize the most common technical Linux issues peo- ple ran into in 2016. I posted the question to LinuxQuestions.org and on social media, and I analyzed LQ posting patterns. Here are the results.

1. Wifi drivers (especially Broadcom chips) Generally speaking, wifi drivers—and Broad- com cards in particular—continue to be one of the most prob- ing Ubuntu, then you know the BCM4312 card is supported lematic technical issues facing Linux. There were hundreds by installing the firmware-b43-installer package. The other of posts about this topic on LQ alone in 2016, and myriad option you have is to research the wifi card before your more elsewhere. Dozens of Broadcom wireless cards are purchase to ensure it’s fully supported by your distribution of available, and detailed instructions for getting them to work choice out of the box. with each distribution is far too involved for a single article, but the basic troubleshooting steps are the same: 2. Printer drivers (especially Canon and Lexmark) Printers also continue to be problematic, with Canon and • ascertain exactly which Broadcom card you have by Lexmark repeatedly cited for being an issue. If you’re pur- using lspci to find out the PCI ID, chasing a new printer, research compatibility before you • determine whether the distribution you use supports buy. But if you are migrating from another operating sys- that card, tem, that may not be an option. If you are doing research, • and if it does, identify the proper way to get the card the OpenPrinting [1] database and the official support working. channel for your distribution are the two best places to start. Note that you should ensure all functionality of a For example, if you have a 14e4:4315 PCI ID and are us- device is fully compatible, especially if it’s a multifunction . 18 Open Source Yearbook 2016 . Opensource.com product. One common complaint with Canon printers is to say Linux has wide-spread installation issues. The vast that the drivers are often only available on non-English majority of installs go as expected. The sheer variety of hard- and sometimes obscure sites. ware that Linux supports, and nearly infinite combinations of hardware on which Linux installs are attempted, inevitably 3. Video lead to edge cases here and there. Keep in mind that end Video is a nuanced topic, as simple straightforward video users rarely install other operating systems, such as Mac OS works extremely well out of the box on Linux. Where the and Windows, as they come pre-installed on new devices. issues pop up are video accelerators/​acceleration; the lat- est video cards and newest technologies, such as NVIDIA Future looks bright Optimus and ATI dynamic GPU switching; installation and Other issues that were mentioned frequently include Blue- stability of proprietary drivers; efficient power manage- tooth, suspend/resume, HiDPI, and touchscreens. You may ment; and reliable suspend and resume. If you’re not a see a pattern forming here—most of the issues noted in this gamer, do not need high-end graphics for another reason, article focus on desktop use cases. When you think about it, and are not on a laptop, then you probably don’t have to that makes sense. With Linux desktop adoption being rela- worry about this. If you’re looking for a new laptop, be sure tively low, the result is that less testing and resources go into to research compatibility before your purchase. If you’re finding and fixing related issues. As desktop usage increas- a gamer or need the highest-end graphics, you’ll need to es, you can anticipate these areas improving. know exactly what your requirements are and start your On that note, I thought it would be nice to end with a mention research there. Luckily, the situation here is improving of one area that used to pop up frequently as a problem area for and, Wayland teething issues aside, the situation should Linux, and very rarely does these days: fonts. Only a few short be quite a bit better in 2017. years ago, getting high-quality antialiased fonts were the excep- tion. With modern distribution releases, it has become the rule. 4. Audio What technical Linux issues did you find most common Once again, for simple setups, audio has been easy to con- in 2016? figure and reliable under Linux for a while. As soon as you get into professional production, echo cancellation, audio Resources routing, unified mixing, and other complex setups, however, [1] http://www.openprinting.org/printers it can go south pretty quickly. My suggestion is to use one of the dedicated audio-related distributions if you need high- Author end real-time audio. Jeremy Garcia is the founder of Linux- Questions.org and an ardent but realistic 5. Installation open source advocate. Follow Jeremy on With a category this all-encompassing, it’s almost guaran- Twitter: @linuxquestions teed to be high volume. That said, I don’t know that it’s fair

. Open Source Yearbook 2016 . Opensource.com 19 ...... WORKING...... What’s new in OpenStack in 2016: A look at the

Newton release BY RICH BOWEN

is on a six- OPENSTACK month release cycle[1], with each release given a code name starting with consecutive letters of the alphabet. On October 7th, Open- Stack Newton was released. Let’s look at a few highlights from OpenStack’s 2016 Newton release. In addition to the usual enormous num- ber of incremental improvements, the Newton release focused on ease of de- ployment and usability improvements, as well as improved container-management tools. It also added the Tacker project [2], for deploying and managing virtual network functions (NFV) Congress on OpenStack. Congress [5] is OpenStack’s Policy as a Service proj- ect. The Newton release adds support for load-balanced Documentation policy engines for HA and high query throughput deploy- As always, many changes were made to the documen- ments. Congress now supports multi-node deployments tation [3] for this release. The networking guide was re- in which different components are deployed on separate structured, the conversion to RST was completed, training hosts. guides were improved, and new chapters were added. In addition to updates to existing translations, entire new Designate manuals were added in Indonesian, Italian, Japanese, Designate [6] is OpenStack’s DNS as a Service project. Korean, and Simplified Chinese. Designate has a number of new features in the Newton release, such as support for new DNS servers, including Ceilometer TinyDNS and Knot DNS. It adds designate-worker and des- Ceilometer [4] is OpenStack’s metering and alarming ser- ignate-producer services for better scaling in future releas- vice. In the Newton release, Ceilometer: es. All services now report back to designate-central, which keeps track of what services are running and when they • adds several new meters, including memory bandwidth last checked in. statistics, and various CPU cycle and instruction count meters; Glance • includes support for batch recording metering with Glance [7] is OpenStack’s image service, for storing VM MongoDB; images and snapshots. The Newton release adds vhdx as • and deprecates ceilometer-dbsync to move to new a supported disk format [8], and deprecates some older ceilometer-upgrade. formats and store drivers. . 20 Open Source Yearbook 2016 . Opensource.com Heat Mistral Heat [9] is OpenStack’s orchestration service, and the New- Mistral [15] is OpenStack’s workflow service. In Newton, ton cycle was very busy for the Heat team as they worked on Mistral now supports Magnum actions, Tacker actions, and adding new configuration options. Murano actions. Other new features include being able to Conditional functions have been added to allow for more call RabbitMQ directly, rather than using Oslo, and the abil- complex orchestration scenarios. Heat can now manage ity to handle https requests. Cinder quotas. The Newton release also adds new inte- gration with DNS service, Glance service, and Monasco Nova service. Nova [16] is OpenStack’s compute service. Because Nova is one of the oldest parts of OpenStack, and the largest and Horizon busiest project, listing all the changes is difficult. As with Horizon [10] is the OpenStack web dashboard. The Newton every release, changes in Nova support a wider range of release contains a number of user interface enhancements, features in the underlying hypervisors. Additionally, many new functionality, and bug fixes to eliminate all WARNING enhancements were made to make migrations and up- messages in your browser’s developer panel. grades easier. The release documentation also includes Horizon used to require Nova and Glance to function, but extensive information about how to upgrade your compute not any longer. Now Horizon only requires Keystone, which nodes from Mitaka to Newton. means it can be used for deployments that don’t include these services, such as Swift-only deployments. Sahara Horizon now has better implementation of the underlying Sahara [17] provides a way to deploy Apache Hadoop or Bootstrap themes, for easier theming of your OpenStack Apache Spark clusters on top of OpenStack. In Newton, deployment. Various HTML classes have been renamed to Sahara adds support for Impala, MaR, Sentry, Kafka, CDH match Bootstrap’s naming conventions. 5.7, and updated versions of Mahout, HBase, Drill, and MapR. Ironic Ironic [11] is OpenStack’s bare metal deployment ser- Searchlight vice. The Newton release adds a number of new meth- Searchlight [18] provides indexing and search across multi- ods and options to allow you to deploy on a wider variety tenant cloud resources. Searchlight first appeared in Mitaka. of platforms. In Newton, Searchlight adds support for ElasticSearch 2.x, and it adds multi-thread support for indexing. You can now Keystone search Neutron security groups and rules. Index sync perfor- Keystone [12] is OpenStack’s authentication service, mance has been improved. Many other enhancements are which tends to move slowly and with great deliberation included in this release. because all other services rely on it. The Newton release adds the ability to cache tokens. Also, a local table may Senlin be populated with LDAP users to improve query perfor- Senlin [19] provides a generic clustering service for an mance. Also, Keystone can now be upgraded using a roll- OpenStack cloud. Senlin is another new addition to Open- ing upgrade. Stack, and the Newton release adds various features that were not yet implemented for Mitaka, including the ability for Magnum clusters and nodes to depend on other clusters and nodes, Magnum [13] is an API service that makes various flavors and policy validation and profile validation APIs. of containers into first-class resources that can be de- ployed on OpenStack. The Newton release adds support for Tacker several new options, including Flannel’s host-gw backend, Tacker [20] is a generic VNF manager, and NFV orchestrator a new openSUSE driver for running a Kubernetes cluster to deploy and manage virtual network functions on Open- on openSUSE, and various new options for Apache Mesos. Stack. Tacker is new in this release of OpenStack, and be- gins to build out all of the features needed for this important Manila new area of OpenStack deployments. Manila [14] is a shared file system service for OpenStack. A number of new drivers and plugins were added to expand Trove the number of backends that can be used for your shared Trove [21] is OpenStack’s database as a service solution. file system service. Additionally, many existing drivers and Each subsequent release provides additional functionality plugins were enhanced to give access to additional function- for the various database engines that it supports. This re- ality of those backends. lease also contains numerous bug fixes. . Open Source Yearbook 2016 . Opensource.com 21 ...... WORKING......

Summary [7] http://docs.openstack.org/developer/glance/ With a product as large as OpenStack, summarizing what’s [8] http://docs.openstack.org/developer/glance/formats.html new in a particular release is challenging. (See the full re- [9] https://wiki.openstack.org/wiki/Heat lease notes [22] for more details.) Each deployment of [10] http://docs.openstack.org/developer/horizon/ OpenStack might use a different combination of services and [11] https://wiki.openstack.org/wiki/Ironic projects, and so will care about different updates. Added to [12] http://docs.openstack.org/developer/keystone/ that, the release notes for the various projects tend to be ex- [13] https://wiki.openstack.org/wiki/Magnum tremely technical in nature, and often don’t do a great job of [14] https://wiki.openstack.org/wiki/Manila calling out the changes that will actually be noticed by either [15] https://wiki.openstack.org/wiki/Mistral operators or users. [16] https://wiki.openstack.org/wiki/Nova Expect to find a growing collection of videos, onYou- [17] https://wiki.openstack.org/wiki/Sahara Tube [23] and elsewhere, demonstrating some of the most [18] https://wiki.openstack.org/wiki/Searchlight interesting user-facing features in Newton. As soon as the [19] https://wiki.openstack.org/wiki/Senlin Newton release rolled out, developers kept right on working [20] https://wiki.openstack.org/wiki/Tacker where they left off, because not all of the features planned for [21] https://wiki.openstack.org/wiki/Trove Newton actually made it in. [22] https://releases.openstack.org/newton/ Planning for the next release, Ocata [24], began at Open- [23] https://www.youtube.com/results?search_query=open- Stack Summit in Barcelona in late October 2016. The Ocata stack+newton Release Schedule [25] offers a glimpse at what’s ahead. [24] https://releases.openstack.org/ocata/index.html Be sure to check out Meetup.com [26] for OpenStack [25] https://releases.openstack.org/ocata/schedule.html meetups near you, where you can talk with other OpenStack [26] http://meetup.com/ operators and compare stories.

Resources Author [1] http://releases.openstack.org Rich works at Red Hat as the Community [2] https://wiki.openstack.org/wiki/Tacker Liaison for the RDO project, which is a pack- [3] http://docs.openstack.org/ aging of OpenStack for CentOS/Fedora/ [4] http://docs.openstack.org/developer/ceilometer/ RHEL. He’s also the Executive Vice Pres- [5] https://wiki.openstack.org/wiki/Congress ident of the Apache Software Foundation, [6] http://docs.openstack.org/developer/designate/ Open Source enthusiast, and Geocacher.

. 22 Open Source Yearbook 2016 . Opensource.com ...... WORKING

Why the operating system matters even more in 2017 BY GORDON HAFF

don’t quite date ages process scheduling, power management, root access OPERATING SYSTEMS back to the be- permissions, memory allocation, and all the other low-level ginning of computing, but they go back far enough. Main- housekeeping and operational details needed to keep a sys- frame customers wrote the first ones in the late 1950s, tem running efficiently and securely. with operating systems that we’d more clearly recognize as Finally, the operating system serves as the interface to such today—including OS/360 from IBM and Unix from Bell both its own “userland” programs—think system utilities such Labs—following over the next couple of decades. as logging, performance profiling, and so forth—and applica- An operating system performs a wide variety of useful tions that a user has written. The operating system should functions in a system, but it’s helpful to think of those as fall- provide a consistent interface for apps through APIs (appli- ing into three general categories. cation programming interface) based on open standards [2]. First, the operating system sits on top of a physical sys- Furthermore, commercially supported operating systems tem and talks to the hardware. This insulates application also bring with them business and technical relationships with software from many hardware implementation details. third-party application providers, as well as content channels Among other ben- to add other trusted efits, this provides content to the plat- more freedom to in- form. novate in hardware The computing because it’s the op- technology land- erating system that scape has changed shoulders most of considerably over the burden of sup- the past couple of porting new pro- years. This has had cessors and other the effect of shifting aspects of the serv- how we think about er design—not the operating systems application develop- and what they er. Arguably, hard- do, even as they ware innovation remain as central as ever. Consider will become even Image by: Internet Archive Book Images. Modified by Opensource.com. more important [1] changes in how as machine learning and other key software trends can no applications are packaged, the rapid growth of computing longer depend on CMOS process scaling for reliable year- infrastructures, and the threat and vulnerability landscape. over-year performance increases. With the increasingly widespread adoption of hybrid cloud architectures, the por- Containerization tability provided by this abstraction layer is only becoming Applications running in Linux containers [3] are isolated more important. within a single copy of the operating system running on a Second, the operating system—specifically the kernel— physical server. This approach stands in contrast to hyper- performs common tasks that applications require. It man- visor-based virtualization in which each application is bound . Open Source Yearbook 2016 . Opensource.com 23 ...... WORKING......

to a complete copy of a guest operating system and commu- traditional monolithic apps it’s much more difficult to keep nicates with the hardware through the intervening hypervi- changes to one component from having unintended effects sor. In short, hypervisors virtualize the hardware resources, elsewhere. whereas containers virtualize the operating system resourc- One important aspect to this shift from the perspective es. As a result, containers consume few system resources, of the operating system is that it increasingly makes more such as memory, and impose essentially no performance sense to talk about a “computer” as an aggregated set of overhead on the application. datacenter resources. Of course, there are still individual Containerization leans heavily on familiar operating sys- servers under the hood and they still must be operated and tem concepts. Containers build on the Linux kernel’s process maintained—albeit in a highly automated and hands-off way. model as augmented by additional operating system fea- However, container scheduling and management effectively tures, such as namespaces (e.g., process, network, user), makes up the new and relevant abstraction for where work- cgroups, and permission models to isolate containers while loads run and how multi-tier applications are composed— giving the illusion that each is a full system. rather than the server. Containers have become so interesting recently by the ad- The Cloud Native Computing Foundation [5] (CNCF), dition of mechanisms to portably compose applications as also under the Linux Foundation, was created to “drive a set of layers and move them around an environment with the adoption of a new computing paradigm that is op- low overhead. In this respect, containers are the realization timized for modern distributed systems environments of a general concept that’s been around for a while in var- capable of scaling to tens of thousands of self-healing ious guises, but never really went mainstream. (Think ap- multi-tenant nodes.” One project under the CNCF is Ku- plication virtualization, for example.) One important change bernetes [6], an open source container cluster manager today is the greatly increased role of open source and open originally designed by Google, but now with a wide range standards. For example, the Open Container Initiative [4], a of contributors [7] from Red Hat and elsewhere. collaborative project under the Linux Foundation, is focused on creating open industry standards around the container Security format and runtime. All the security hardening, performance tuning, reliability Also significant is that container technology, together with engineering, and certifications that apply to the virtualized software-defined infrastructure (such as OpenStack), is be- world still apply in the containerized one. And, in fact, the ing built into and engineered together with Linux. The history operating system shoulders a greater responsibility for pro- of computer software clearly shows that integrating technol- viding security and resource isolation in a containerized and ogies into the operating system tends to lead to much wider software-defined infrastructure world than in the case in adoption and a virtuous cycle of ecosystem development which dedicated hardware or other software may be han- around those technologies—think TCP/IP in networking or dling some of those tasks. Linux has been the beneficiary any of a wide range of security-related features. of a comprehensive toolbox of security-enforcing functional- ity built using the open source model, including SELinux for Scale mandatory access controls, a wide range of userspace and Another significant shift is that we increasingly think in kernel-hardening features, identity management and access terms of computing resources at the scale point of the control, and encryption. datacenter rather than the individual server. This transi- Today, however, information security must also adapt to a tion has been going on since the early days of the web, changing landscape. Whether it’s providing customers and of course. However, today we’re seeing the reimagining partners with access to certain systems and data, allow- of high-performance computing “grid” technologies both ing employees to use their own smartphones and laptops, for traditional batch workloads as well as for newer ser- using applications from Software-as-a-Service (SaaS) ven- vices-oriented styles. dors, or taking advantage of pay-as-you-go utility pricing Dovetailing neatly with containers, applications based on models from public cloud providers, there is no longer a loosely coupled “microservices” (running in containers)— single perimeter. with or without persistent storage—are becoming a popular The open development model allows entire industries cloud-native approach. This approach, although reminiscent to agree on standards and encourages their brightest de- of Service Oriented Architecture (SOA), has demonstrated velopers to continually test and improve technology. The a more practical and open way to build composite applica- groundswell of companies and other organizations provid- tions. Microservices, through a fine-grained, loosely coupled ing timely security feedback for Linux and other open source architecture, allows for an application architecture to reflect software provides clear evidence of how collaborating within the needs of a single well-defined application function. Rap- and among communities to solve problems is the future of id updates, scalability, and fault tolerance, can all be indi- technology. Furthermore, the open source development pro- vidually addressed in a composite application, whereas in cess means that when vulnerabilities are found, the entire . 24 Open Source Yearbook 2016 . Opensource.com community of developers and vendors can work together to Resources update code, security advisories, and documentation in a co- [1] http://bitmason.blogspot.com/2016/01/beyond-general-​ ordinated manner. purpose-in-servers.html These same processes and practices apply across [2] https://opensource.com/resources/what-are-open-standards hybrid cloud infrastructures as the role of the operating [3] http://bitmason.blogspot.com/2013/09/what-are-containers-​ system evolves and expands to include new capabilities anyway.html like Linux containers. Furthermore, when components are [4] https://www.opencontainers.org/ reused in the form of microservices and other loosely cou- [5] https://cncf.io/ pled architectures, maintaining trust in the provenance of [6] https://opensource.com/resources/what-is-kubernetes those components and their dependencies (when making [7] http://stackalytics.com/?project_type=kubernetes- ​ up applications) becomes more important, not less. group&metric=commits

Some things change, some don’t Author Priorities associated with operating system development and Gordon Haff is Red Hat’s cloud evangelist, is a frequent operation have certainly shifted. The focus today is far more and highly acclaimed speaker at customer and industry about automating deployments at scale than it is about cus- events, and helps develop strategy across Red Hat’s full tomizing, tuning, and optimizing single servers. At the same portfolio of cloud solutions. He is the author of Comput- time, there’s an increase in both the pace and pervasiveness ing Next: How the Cloud Opens the Future in addition to of threats to a no longer clearly-defined security perimeter— numerous other publications. Prior to Red Hat, Gordon requiring a systematic understanding of the risks and how to wrote hundreds of research notes, was frequently quoted mitigate breaches quickly. in publications like The New York Times on a wide range Add it all together and applications become much more of IT topics, and advised clients on product and market- adaptable, much more mobile, much more distributed, much ing strategies. Earlier in his career, he was responsible more robust, and much more lightweight. Their placement, for bringing a wide range of computer provisioning, and securing must become more automated. systems, from minicomputers to large But they still need to run on something. Something solid. UNIX servers, to market while at Data Something open. Something that’s capable of evolving for General. Gordon has engineering de- new requirements and new types of workloads. And that grees from MIT and Dartmouth and an something is a (Linux) operating system. MBA from Cornell’s Johnson School.

. Open Source Yearbook 2016 . Opensource.com 25 ...... WORKING......

reasons to 25love Linux BY JEN WIKE HUGER

Linux turned 25 years old. To celebrate, IN 2016, we reached out to readers over social media and asked them why they love Linux. On August 25th, Opensource.com published the list. 25. There is no autopilot. I am the king of my machine. —Anupam Datta 24. Nowadays stuff just works. No hunting for obscure firmware etc. Plug and play. Done in the open. That’s truly, wow. —Jan Wildeboer 23. It is possible to customize Linux in multiple ways: via the kernel when compiling it and in user space. Plethora of free apps. —Eugene J. Markow Image by: Opensource.com. CC BY-SA 4.0 22. One thing I like about Linux is the fact that it’s abso- lutely free. That includes price, ability to modify the 11. My machine loves it! The way I have total control over code to your own specs, etc. No restrictive licensing, everything. It’s a love story that is inexpressible. etc. —James Takac —Rhitik Bhatt 21. Don’t ask what Linux can do for you, it is already done, but 10. There’s always something new to learn. what code you can apply for Linux! —Vladimir Cicovic —Alexander Golubets 20. Working in the terminal is awesome. Makes me look like 9. Stability, resource friendly, safety. —Alwan Rosyidi a badass tech guy in front of the people around me when 8. The freedom. —Maja Isaksson typing those commands. —Nilesh Sarkar 7. Terminal <3 —Shahrukh Alizai 19. When I ask “How do I send data via the serial port?” on 6. The commands :) file handling and big data analysis :) a Linux forum, I get relevant answers and help. Other fo- —Sum Aira rums responses be like “Have you tried the parallel port? 5. Light-weight, flexible, stabile, safe. —Tomasz Mikołajko —Eric Lovejoy 4. There is more than one topic why I love Linux. But I think 18. The freedom to edit my GUI however I see fit without wor- because it is available for everyone for free, makes the ries about end user license agreements. —Jesse Woodside world a little more free. —Tux von Kybermann 17. A huge selection of applications, tools, widgets, and other 3. The ability to freely download, run, change, and distrib- software. —Nathan Leach ute the operating system to as many computers as I 16. It gives you the feel of being a real programmer, or a want. Not everyone can afford to purchase a copy of hacker! —Sai Charan Windows every 3-4 years. Everyone can afford Linux! 15. There is no limit to what you can do. If you can imagine it, —Jonathan Niccolls you can make it. —Jeroen Tuijn 2. It’s the Swiss Army knife of computing. —Gary Alexander 14. It is less risky when it comes to virus attack... and of 1. Everything. —Ayoub Arahmat course its an open source! —Kefilwe Mosesanyane 13. The power to customize and create my own specific Author operating system to be used for any purpose. Jen Wike Huger is the Content Manager —Rasyid Sahputra for Opensource.com. Follow her on Twitter 12. The main thing I like about Linux is there are no wizards. @jenwike and see her extended portfolio When installing software, it just does it and that includes at Jen.io. all the dependencies. —Shaun Henderson . 26 Open Source Yearbook 2016 . Opensource.com ...... WORKING hot skills for 4 Linux pros in 2017 BY SHAWN POWERS

with be- good advice, but it doesn’t mean we should rely completely ONE OF THE PROBLEMS coming on automation tools to do our jobs. Chef, Puppet, Ansible, a Linux expert is the definition is constantly changing. When Salt Stack, and similar tools are wonderful, but we need to I started in the Linux world, to be considered a Linux profes- understand what’s happening behind the scenes so when sional, you had to be able to compile your own kernel. Heck, something inevitably goes wrong, we know how to fix it. if you wanted to use Linux on a laptop, you had to compile With DevOps’ programmatic approach to computing, we a custom kernel to even be a user. These days, compiling still need people who can maintain, fix, and understand the your own kernel is usually a waste of time. That’s not to say systems functioning beneath the layer of code. Without it isn’t important, but in the open source world we build on the Linux experts, cloud computing is a scary place to live, successes of others, and Linux distributions provide us with even if that cloud is in your own server room. kernels that work well. Although not always that drastic, the demands on IT professionals change every year. 3. Development Here are four vital skills for the Linux pro in 2017: As a system administrator for 20 years, I never had the time to learn programming. Any development skills I had were ba- 1. Security sically scripting that helped me do my job faster. Those days I’m not talking about security experts or security consultants. are over. While we need to have system administration skills With connected devices infiltrating every aspect of our lives, in a DevOps world, we also need system administrators to we need to be security conscious in every decision we make. have programming skills. This year, my wife and I purchased a washing machine and a If you’re a crusty old sysadmin like me, you’ve probably ad- refrigerator, and both of them came equipped with Bluetooth. opted DevOps and use it on a daily basis. If you truly want The idea of hackers breaking into my rinse cycle might seem to excel, however, you need to learn how to solve problems silly, but any foothold is a potential attack vector. programmatically and not think of Chef or Puppet code only When we activate any system at work, home, or in our as configuration files. Every IT professional needs to have at pockets, we should consider the security issues they might least a grasp of programming concepts, because every aspect represent. And because items like Internet-enabled toasters of IT is getting abstracted at least somewhat by DevOps code. aren’t likely to get timely firmware upgrades, we need to de- sign the rest of our systems around the idea of mundane de- 4. Soft skills vices getting compromised. More than ever before, we need Often the last thing we think about while preparing for a to think about attacks coming from inside our firewalls. Don’t career are so-called soft skills—social and communication let your fileserver get hacked by your blender! skills—and yet they are probably skills most likely to deter- mine your success. Whether you’re looking for a new job, 2. DevOps or trying to adjust to the changing landscape of your current DevOps is no longer a new concept. For the past two or career, soft skills are vital. three years, we’ve been encouraging folks to learn about The lines dividing the various areas of IT are blending, and DevOps so they can succeed in the workforce. That was the ability to communicate well makes those blurred lines an advantage instead of a stumbling block. We live in a world Author in which developers are spinning up servers, and operations Shawn Powers has been teaching IT for more than a decade. His teams are writing Ruby code to maintain server farms. These specialties are Linux, Chef, and integrating are bold new ideas in IT, and without people able to commu- multiple platforms for larger networks. He has nicate between disciplines, the workplace becomes hostile a passion for teaching others, and his enthu- quickly. Plus, IT folks have always needed to communicate siasm comes through in his courses. He is an effectively with people in other areas of business. If anything, associate editor for Linux Journal. Connect that need is greater now than ever. with Shawn on Twitter: @shawnp0wers As you plan for 2017, what skills are you adding to your skill set? . Open Source Yearbook 2016 . Opensource.com 27 ...... WORKING......

Top programming trends in 2016 BY RACHEL ROUMELIOTIS

constantly moving for- erful frameworks, but there are smaller players, such as TECHNOLOGY IS ward—well, maybe not Nervana’s [5] Neon [6] and Theano [7]. always forward, but always moving. Even for someone who How has the rise in AI affected the software developer’s keeps an eye on the trends and their effect on programmers, landscape? Well, now is a good time to know Python—its discerning exactly where things are headed can be a chal- agility and popularity with data engineers and scientists lenge. My clearest glimpse into open source programming makes it the go-to AI programming language, followed by R, trends always comes Java, and Scala. in the fall when I work with my fellow chairs, Containers and Kelsey Hightower Go go together and Scott Hansel- like peanut man, and our fan- butter and jelly tastic programming Go 1.0 was re- committee to sculpt leased [8] in March the coming year’s 2012. Docker [9] OSCON [1] (O’Reilly followed a year Open Source Con- later, and Kuber- vention). The propos- netes [10] a year als that we get and after that. In short, the number focused Go wasn’t built ex- on specific topics turn clusively for the fu- out to be good indica- Image by: Museum of Photographic Arts. Modified by Opensource.com ture of infrastruc- tors of hot trends in the open source world. What follows is ture as we know it, but that seems to be one major hole Go an overview of the top programming trends we saw in 2016. is filling in the programming world. Go is specifically written in a way that Java or C++ could never have been—for a Languages powering AI highly networked world, a world in which first-class concur- Out of the AI winter of the 1990s, artificial intelligence has rency is a necessity. If you are in or near the operations side reemerged with the computing power that it always needed of things, you should at the very least dip a toe into the world to influence how we are building software. Machine learn- of Go because it is gaining steam, will be used for years to ing, deep learning, natural language processing, and auto come, and will be in the backbone of many applications. speech recognition blanket the world—from GitHub projects and job posts, to the reason behind the formation of new Swift transcends the Apple ecosystem companies, and clearing space on our cluttered counter tops Swift was open sourced by Apple [11] in 2015, not long after (Hey, Alexa!). And yes, even events such as OSCON are the programming language started. Swift has been a hit with teeming with the mention of all things AI. Although the iOS and Mac OS X developers. That the language was easy availability of computing power has paved the way, open to grok quickly became apparent, and it earned a reputation sourcing of all things AI has thrown the industry wide open for being safer [12] than the languages it aims to replace— to innovation and competition. Google’s TensorFlow [2], Objective-C and C++. How successful Swift is out in the OpenAI [3], and Apache Spark [4] lead the way with pow- crowded world of JavaScript frameworks [13] and other new . 28 Open Source Yearbook 2016 . Opensource.com languages remains to be seen, but if it continues gaining Time will tell whether they deliver on their promises. Try popularity with the Apple faithful, there is a chance that Swift them out, contribute to them, be a part of the future! will be a viable contender in the great web world and beyond. Resources Java 8 vs. the functionality of JVM languages [1] http://conferences.oreilly.com/oscon/oscon-tx The advent of Java 8’s functional capability—namely the [2] https://www.tensorflow.org/ introduction of Lambdas—has put JVM languages like [3] https://openai.com/blog/ Scala and Clojure on notice. Recently, due in large part to [4] http://spark.apache.org/ the growth of Apache Spark, Scala was having a bit of a [5] https://www.nervanasys.com/ growth spurt. Now both Scala and Clojure are seeming to [6] https://github.com/NervanaSystems/neon be set aside, at least for the moment, as long-time and new [7] https://github.com/benanne/nervana_theano developers alike take a hard look at what Java 8 brings to [8] https://blog.golang.org/go-version-1-is-released the table. Java is now able to address concurrency and big [9] https://opensource.com/resources/what-docker data concerns that other programming languages specifical- [10] https://opensource.com//resources/what-is-kubernetes ly built to address these requirements have been doing for [11] https://opensource.com/life/15/12/most-likely-succeed-​ years. In 2017, OSCON is nearly devoid of both Scala and 2016 Clojure, not by design, but by seemingly little interest from [12] http://bit.ly/1dYYSYI potential speakers who submitted proposals. [13] https://opensource.com/article/16/11/15-javascript- ​frame- works-libraries Up and coming languages [14] https://www.rust-lang.org/en-US/ And as usual, there are always more up and coming languages [15] http://elixir-lang.org/ on the horizon intended to do something better than those that [16] http://elm-lang.org/ came before them, that can answer needs that weren’t around [17] https://kotlinlang.org/ when previous languages were born, or that simply start out [18] https://perl6.org/ as a crazy idea and end up changing how we think about pro- gramming. This year five languages are on the verge of making it into the big time: Rust, Elixir, Elm, Kotlin, and Perl 6. Author What do the hot five bring to the industry? Rachel Roumeliotis, a Strategic Content Director at O’Reil- • Rust [14]: Systems programming at speed and more ly Media, Inc., leads an editorial team that covers a wide than a modicum of safety. variety of programming topics ranging from full-stack web • Elixir [15]: Functional, dynamic, and fault-tolerant for development, to open source in the enterprise, to emerging those larger and larger-scale apps. programming languages. She is a Programming Chair of • Elm [16]: More functional fun that plays with JavaScript, OSCON, O’Reilly’s Software Architecture leaning increasingly toward being a pleasure to use. Conference, and Fluent. She has been • Kotlin [17]: This one is for the Java and JVM folks—stat- working in technical publishing for over ically typed, safe, and did I mention Java compatible? 10 years, acquiring content in many ar- • Perl 6 [18]: It lives! Perl 6 happens to be a new language eas including mobile programming, UX, that is expressive and feature-rich for the win. computer security, and AI.

. Open Source Yearbook 2016 . Opensource.com 29 ...... WORKING......

ways to avoid getting hacked in 2017 50 BY DANIEL J WALSH

Paul Simon re- 8. Use confined SELinux users [7] to control what users do in WHEN I WAS YOUNG, leased his hit your systems. If you are running a shared login system, set song, “50 Ways to Leave Your Lover” [1]. Inspired by this up users as guest_t. song, I’ve collected 50 ways sysadmins and laypeople can avoid getting hacked: “You don’t need to be coy, Roy” 9. T ake advantage of systemd tools [8] to help secure your “You just slip out the back, Jack” services. Most system attacks are going to come through 1. Backup your data. If you get hit with ransomware, you a service listening on the network. Systemd provides don’t have to pay if you have backups. great ways to lock down the service. For example, use 2 Use a syncstop [2] when you have to charge your phone PrivateTmp=yes [9]. PrivateTmp takes advantage of the in a public place, or bring your own battery backup. mount namespace to set up a private tmpfs mount for 3 Take advantage of the auditing subsystems. There are the server’s /tmp. This prevents a hacked service from lots of cool tools to help monitor your system. If you do getting access to content in the host’s /tmp and poten- have a break in, the audit system might well be able to tially attacking the rest of the system based on services tell you what happened and what the attacker did. listening on /tmp. 4 Speaking of logs, offloading the logs to a centralized 10. InaccessibleDirectories=/home is a systemd unit flag server is always a good idea because if a hacker breaks that uses the mount namespace to eliminate the /home into your system, the first thing he is going to attack is (or any other directory) from the services view, which the logging system to cover his tracks. Having a good makes it more difficult for a hacked service ability to at- intrusion system watching the logs also helps. tack the content. 11. ReadOnlyDirectories=/var is another systemd unit flag “Make a new plan, Stan” that uses the mount namespace to turn the directories 5 Run SELinux in enforcing mode (see stopdisablingselinux.com [3]). Didn’t think it would take me this long to get to that one? SELinux prevents escalations of zero day vulnerabilities. When Shell Shock [4] came out, SELinux was the only defense. 6 Run applications in the SELinux Sandbox [5] whenever possible—it was a container before containers were cool. Also follow the development of Flatpack [6], which soon should be developing sandboxing capabilities. 7 Don’t install or use Flash. Firefox no longer supports it, and hopefully most web servers are moving away from it. Image by: Opensource.com, CC BY-SA 4.0 . 30 Open Source Yearbook 2016 . Opensource.com contents into read-only mode. You probably should al- before his system was infested with viruses. I returned ways run with /usr in ReadOnlyMode. This would pre- and installed Linux on his system, and he has been run- vent a hacked application from rewriting the binary, so ning it ever since. I believe Linux generally is a more the next time it started the service, you would already secure system because of the way it was designed, but be hacked. I also believe the desktop is less likey to be hacked be- 12. Drop capabilities from a service (CapabilityBound- cause of the smaller user base. Some would argue that ingSet=CAP_CHOWN CAP_KILL). In the kernel, privil- Windows has improved greatly over the years, but for iged processes are broken down into a series of distinct me, I am still sticking with what I know. capabilities. Most services do not need many (if any), 22. Only run distributions with a Security Response Team [13] and systemd provides a simple switch to drop them from watching over the security of the distribution. Enterprise a service. Software is important. 13. If your service is not going to use the network, then you 23. Run an enterprise-level kernel. In containers, the single can turn it off for the service using PrivateNetwork=yes. point of failure is the kernel. If you want to keep it secure, Just turning this on in a service unit file takes advan- use an enterprise-level kernel, which means it has the tage of the network namespace and turns off all networks latest security fixes, but is not bleeding edge. Remember available to the service. Oftentimes a hacker does not the latest kernel comes with the latest security fixes, but actually want to break into your machine—he just wants it also comes with a ton of new code that could have to use it as an attack server to attack other machines. If vulnerabilities. the service can’t see the network, it cannot attack it. 14. Control the devices available to your service. Systemd “You don’t need to discuss much” provides the DeviceAllow directive, which controls the 24. Most hacks are social engineering—for example, email devices available to the service. DeviceAllow=/dev/null links, web browser attacks, and phone calls. The best rw will limit access to /dev/null and only this device node, option here is to be educated and skeptical. No one from disallowing access to any other device nodes. The feature Nigeria is giving you money. The IRS is not calling your is implemented on top of the device’s cgroup controller. house demanding money. If you get a link to a web site 15. Coming soon to a systemd system near you is a new in email from your bank, don’t use the link. Type the ad- feature, ProtectSystem Strict [10], which can turn on all dress directly on the web browser. of these namespaces to fully lock down the environment 25. Always keep your systems fully up to date with the latest in which a service runs. security fixes. The number of systems that are outdated and have known security vulnerabilities is scarey. Script “Just get yourself free” kiddies rely on you not to update your system. 16. Don’t use a cell phone without SELinux (SEAndroid [11]) 26. Always use HTTPS when connecting to services on the in enforcing mode. Luckily, I heard that more than 90% of network. Chrome and Firefox now have modes to en- all Android phones now run with SEAndroid on in enforc- force this. If a web site does not support secure commu- ing mode. That makes me happy. Now if we could only nications by 2016, it is probably not worth your visit. get those Apple guys to use SELinux. 27. Use seccomp [14] in your containers. This limits the at- 17. Only install software from trusted sources. Don’t install tack surface on the kernel, which is the single point of dodgy things you find on the Internet. This goes for your failure. Limit what the processes can discuss. cell phone, computer system, virtual machines, contain- ers, and so on. “Just drop off the key, Lee” 18. I don’t do online banking on my phone—only on my Linux 28. Use a YubiKey [15] for storing private keys. computer. If a hacker steals my credit card, I lose 50 29. Encrypt your data on your systems. At least for laptops, bucks; if he gets into my bank account, I lose a lot more. keep your homedir and your other data directories en- I guess I am old. (Get off my lawn.) crypted. I was riding the subway in London a few years 19. One cool thing I did do with my phone is set up my credit ago, and had my Laptop “nicked”—the door of the train card companies to send me a text every time my credit car closed, and I noticed by laptop was gone and the card has been charged. That way if the number gets train was pulling out of the station. Luckily, the disks were stolen, I will know a lot quicker. encrypted. 20. When you need to communicate securely, use the Signal 30. Use Let’s Encrypt [16] for all your web sites. There’s no secure messaging app [12]. reason not to run HTTPS anymore. 31. Never use the same password on different web servers. “Hop on the bus gus” This one is difficult not to fall into the trap. Tools like Let’s 21. Run Linux on your systems. When I first hooked my Encrypt help a lot. It’s even better if you use ssh keys to father up with a computer system, I barely got home log into systems. . Open Source Yearbook 2016 . Opensource.com 31 ...... WORKING......

32. Use two-factor authentication (2FA). Passwords have 42. Run your containers in read-only mode [24]. Containers become just about useless. Using YubiKeys and the like in development need to be able to write to /usr, but a make two-factor easy. We all have cell phones. Having a container in production should only be able to write to secret in your head and one generated on the phone is tmpfs and volumes mounted into the container. always better than a password. 43. Drop capabilities from your containers [25]. We run our 33. Nothing aggravates me more than websites always ask- processes in and outside of containers with many more ing me to set up an account—can’t we do better? Al- “capabiltiies” than they need. You can make your pro- ways use a password-generating tool for your website cesses more secure by dropping capabilties. passwords. I am old school: I use Password Safe [17] 44. Don’t run your processes in containers as root [26]. Most and cut and paste into the web browser. I have heard services never need root privileges, or they need it to that other people have good luck with LastPass [18] bind to a port < 1024 and then switch to a non-root user. and other tools that integrate your phone and web I would advise always running apps as non-root. service. 45. Keep your containers updated with the latest CVEs fixes. 34. Set up a service like FreeIPA [19] to use for identity ser- Using a system like OpenShift for building and main- vices. Using tools such as Kerberos [20] for authentica- taining your container images is a good idea, because tion and authorization makes keeping track of employ- it automatically rebuilds container images when a new ees and their access to systems much easier (and it has security fix appears. cool crypto services). Using Active Directory is ok, but I 46. An associate of mine says, “Docker is all about running am a little prejudiced. random code from the Internet as root on your host.” Get 35. When you must use a password that you need to type your software from a trusted source. Don’t grab the first in often, use an easily remembered sentence rather Apache application that you find at docker.io. The oper- the a word. My preferred way to remember passwords ating system matters [27]. is to use a phrase several words long that is easy to 47. Run your containers in production on a limited container- type. ized optimized host, such as an Atomic Host [28], which comes with all of the security turned on, optimized for “And get yourself free” running containers, with a limited attack surface and 36. Use USBGuard [21] to protect your system from rogue atomic updates. What is not to like there? USB devices. 48. Use tools like OpenScap [29] to scan your systems for vul- 37. The past few years, I have been working on containers, nerabilities. Sadly, new vulnerabilities are always popping so now let’s dive into security on containers. First run up, so you must keep your scanners up to date. (Take a look them on a system with SELinux turned on in enforcing at atomic scan [30] for scanning your containers, as well.) mode. If your system does not support SELinux, switch 49. OpenScap also has features to scan for security configu- the distribution to one that does. SELinux is the best ration [31], such as STIGs (Security Technical Implemen- tool for protecting against container break out using the tation Guides). file system. 50. Set up a special guest network for all those Christmas 38. Run your service inside of a container whenever pos- IoT devices your kids receive. I love my Amazon Echo sible. I believe this is the future—applications using and automated lights and power switches (“Alexa, turn OCI Image Format [22] and Linux container technology. on the Christmas Lights”), but each one of these is a Launch these containers with Docker, runC [23], OCID, Linux operating system that has questionable security. RKT, Systemd-nspawn, and so on. Although I have often said “containers do not contain,” they do contain better “There must be 50 more ways not to get hacked” than not running them inside of a container. What would you add to the list? 39. Run your container in a VM. Virtual machines provide Josh Bressers contributed to this article. better isolation than containers. Running like containers on virtual machines provides you scalability and isolation Resources from each other. [1] https://www.youtube.com/watch?v=0H5chfbcWtY 40. Run containerized apps with different security needs on [2] http://syncstop.com/ different virtual machines. Run your web service contain- [3] http://stopdisablingselinux.com/ ers on virtual machines in the DMZ, but run the database [4] http://danwalsh.livejournal.com/71122.html containers on virtual machines outside of the DMZ. [5] http://danwalsh.livejournal.com/31146.html 41. Also remember to run your virtual machines requiring [6] http://flatpak.org/ the most security on different physical machines, on differ- [7] http://danwalsh.livejournal.com/37404.html ent virtual machines inside of containers (a.k.a., defense [8] http://0pointer.de/blog/projects/security.html in depth). [9] http://danwalsh.livejournal.com/51459.html . 32 Open Source Yearbook 2016 . Opensource.com [10] https://www.phoronix.com/scan.php?page=news_ [28] https://access.redhat.com/articles/rhel-atomic-getting-​ item&px=systemd-New-Protect-Tunables started [11] https://source.android.com/security/selinux/ [29] https://www.open-scap.org/ [12] https://whispersystems.org/ [30] https://developers.redhat.com/blog/2016/05/02/introducing-​ [13] https://access.redhat.com/blogs/766093/posts/2695561 atomic-scan-container-vulnerability-detection/ [14] https://lwn.net/Articles/656307/ [31] https://www.open-scap.org/security-policies/scap-security-​ [15] https://www.yubico.com/ guide/ [16] https://letsencrypt.org/ [17] https://pwsafe.org/ [18] https://www.lastpass.com/ Author [19] https://www.freeipa.org/page/Main_Page Daniel Walsh has worked in the com- [20] https://web.mit.edu/kerberos/ puter security field for almost 30 years. [21] https://github.com/dkopecek/usbguard Dan joined Red Hat in August 2001. Dan [22] https://www.opencontainers.org/ leads the RHEL Docker enablement team [23] https://runc.io/ since August 2013, but has been work- [24] http://www.projectatomic.io/blog/2015/12/making-docker-​ ing on container technology for several images-write-only-in-production/ years. He has led the SELinux project, concentrating on [25] http://rhelblog.redhat.com/2016/10/17/secure-your-​ the application space and policy development. Dan helped containers-with-this-one-weird-trick/ developed sVirt, Secure Vitrualization. He also created the [26] https://www.projectatomic.io/blog/2016/01/how-to-run-a- SELinux Sandbox, the Xguest user, and the Secure Kiosk. more-secure-non-root-user-container/ Dan has a BA in Mathematics from the College of the Holy [27] https://www.opensource.com/16/12/yearbook-why-​operating-​ Cross and an MS in Computer Science from Worcester system-matters Polytechnic Institute.

. Open Source Yearbook 2016 . Opensource.com 33 Best Couple Display manager and

window manager BY DAVID BOTH

Couple agers are not directly associated with a specific desktop. MY SELECTION FOR BEST of 2015 Any of the display managers can be used for your login [1] was ssh and tar, a pair of Linux commands that screen regardless of which desktop you are using. And not work together nicely all desktops have to accomplish great their own display things. This year I managers. Such have made a differ- is the flexibility of ent type of selection Linux and well-writ- for Best Couple of ten, modular code. 2016. My choices for The typical desk- Best Couple this year tops and display are actually a pair of managers are shown program types—not in the Table 1. specific commands The display man- or programs. ager for the first desk- So let’s welcome top (i.e., GNOME, our Best Couple KDE, etc.) installed of 2016: Put your is the default one. For hands together for Fedora, this is usu- the display manag- Image by: Internet Archive. Modified by Opensource.com. ally GDM [2], which er (dm) and the window manager (wm). is the display manager for GNOME. If GNOME is not installed, These two programs, regardless of which ones you use on your Linux GUI desktop system, always work closely to- Table 1: A short list of display managers. gether to make your GUI experience smooth and seamless Display before you even get to your desktop. Desktop manager Comments GNOME GDM GNOME Display Manager Display manager KDE KDM KDE Display Manager (up through The display manager is a bit of code that provides the GUI Fedora 20) login screen for your Linux desktop. After you log in to a GUI LightDM Lightweight Display Manager desktop, the display manager turns control over to the win- LXDE LXDM LXDE Display Manager dow manager. When you log out of the desktop, the display manager is given control again to display the login screen KDE SDDM Simple Desktop Display Manager (Fedora 21 and above) and wait for another login. There are several display managers—some are provided XDM Default X Window System Display with their respective desktops. Note that some display man- Manager . 34 Open Source Yearbook 2016 . Opensource.com Best Couple

then the display manager for the installed desktop is the default. If the desktop selected during installation does not have a default display manager, then GDM is installed and used. If you use KDE as your desktop, the new SDDM [3] (Simple Desktop Display Manager) will be the display manager. Regardless of which display manager is configured as the default at installation time, later installation of additional desktops does not automatically change the display man- ager used. If you want to change the display manager, you must do it yourself from the command line. Any display man- ager can be used, regardless of which window manager and The window manager works with the X Window System [4] desktop is used. or the newer Wayland [5] to perform these tasks. The X Win- dow System provides all of the graphical primitives and func- Window manager tions to generate the graphics for a Linux or Unix graphical The function of a window manager is to manage the creation, user interface. movement, and destruction of windows on a GUI desktop. The window manager also controls the appearance of the windows it generates. This includes the functional decorative Table 2: A short list of window managers. aspects of the windows, such as the look of buttons, sliders, Window window frames, pop-up menus, and more. Desktop manager Comments As with almost every other component of Linux, there are Unity Compiz many different window managers from which to choose. The Fluxbox following list represents only a sample of the available win- dow managers. FVWM Note that most window managers are not directly associated IceWM with any specific desktop. In fact, some window managers can KDE Kwin Starting with KDE Plasma 4 in 2008 be used without any type of desktop software, such as KDE GNOME Metacity Default for GNOME 2 or GNOME, to provide a minimalist GUI experience for users. GNOME Mutter Default starting with GNOME 3 How do I deal with all these choices? twm A very old and simple window manager. Some distros like Fedora use it as In most modern distributions, the choices are made for you at a fallback in case no other window installation time and are based on your selection of desktops manager or desktop is available. and the preferences of the packagers of your distribution. The desktop itself can be easily changed in some distributions and Xfce Xfwm the display manager can also be changed in many cases. . Open Source Yearbook 2016 . Opensource.com 35 Prior to Fedora 18, changing the display manager was which to choose. With a little research, you can make done by changing the line PREFERRED= in the /etc/syscon- interesting changes. fig/desktop file. That file was sourced by the /etc/X11/ prefdm file. If the file did not exist, you could create it, add- Resources ing the PREFERRED= line (in caps) with the name and path [1] https://opensource.com/business/15/12/best-couple-2015- of the preferred desktop manager. You could also set it tar-and-ssh directly in the prefdm file, but that change could be wiped [2] https://wiki.gnome.org/Projects/GDM out by an upgrade or reinstallation. [3] https://github.com/sddm Now that systemd [6] has become the standard startup [4] https://en.wikipedia.org/wiki/X_Window_System system in many distributions, you can set the preferred dis- [5] https://en.wikipedia.org/wiki/Wayland_(display_server_protocol) play manager in /etc/systemd/system, which is where the [6] https://www.freedesktop.org/wiki/Software/systemd/ basic system startup configuration is located. There is a [7] https://docs.fedoraproject.org/en-US/Fedora/13/html/​ symbolic link (symlink) named display-manager.service that Deployment_Guide/s2-x-clients-winmanagers.html points to one of the display manager service units in /usr/ lib/systemd/system. Each installed display manager has a Additional resources service unit in the /usr/lib/systemd/system directory. • X Window Manager: https://en.wikipedia.org/wiki/X_​​ To change the active display manager, remove the exist- window_​manager ing display-manager.service link and replace it with the • Comparison of X window managers: https://en.wikipedia. one you want to use. For example, to configure to use the org/wiki/Comparison_of_X_window_managers KDM display manager, use the following commands: • X Display Manager: https://en.wikipedia.org/wiki/X_​ display_​manager_(program_type) cd /etc/systemd/system • Simple Desktop Display Manager: https://en.wikipedia. rm display-manager.service org/wiki/Simple_Desktop_Display_Manager ln -s /usr/lib/systemd/system/kdm.service display-manager.service • X Window System: https://en.wikipedia.org/wiki/X_Window_​ System The only information I could find initially about chang- • Wayland: https://en.wikipedia.org/wiki/Wayland_(display_​ ing the window manager is in the Fedora 13 Deployment server_protocol) Guide [7], which is obviously fairly old and may no longer • X Window System Protocols and Architecture: be valid. I also found information on the wmctrl command, https://en.wikipedia.org/wiki/X_Window_System_​protocols_​ which, as its name implies, provides some control over the and_architecture window manager but no capability to change the window manager. I did find that some distros and desktops have various Author means of changing the window manager. For example, David Both is a Linux and open source advocate who GNOME users can use gconf-editor and Puppy Linux resides in Raleigh, North Carolina. He has been in the IT uses the wmswitcher command. industry for more than 40 years and taught OS/2 for IBM, where he worked for more than 20 years. While at IBM, Conclusion he wrote the first training course for the original IBM PC in As with many other components of GNU/Linux, many 1981. He has taught RHCE classes for Red Hat and has different display and window managers are available. worked at MCI Worldcom, Cisco, and the State of North When you install most modern distributions with any Carolina. He has been working with Li- kind of desktop, the installation program chooses which nux and open source software for almost ones to install and activate. For most users, there should 20 years. David has written articles for never be any need to change these choices. For others OS/2 Magazine, Linux Magazine, Linux who have different needs or who are simply more adven- Journal, and OpenSource.com. Follow turous, there are many options and combinations from David on Twitter: @LinuxGeek46

. 36 Open Source Yearbook 2016 . Opensource.com ...... COLLABORATING

steps to innersource in 10 your organization in 2017 BY JONO BACON

an increasing number a company, you must understand the drivers in the existing IN RECENT YEARS, of organizations, often culture, and then ensure you consider these as you roll out non-technology companies, have kept a keen eye on open the innersource program. source. Although they may be unable to use open source to the fullest extent in their products and services, they are 1. Understand process and collaboration interested in bringing the principles of open source within the At the core of how people work together are collaborative in- walls of their organization. This “innersource” concept can frastructure and processes. These include code hosting, peer provide a number of organizational benefits. review, continuous integration, automated testing, documen- As a consultant who helps build both internal and external tation creation, knowledgebases, incentive programs, and communities in companies, I find the major challenge fac- more. You should understand all of these details, how they fit ing organizations is how to put an innersource program in together, and where the shortfalls lay in both the wider execu- place, deploy resources effectively, and build growth in the tion of these pieces and the experiences of staff using them. program. I recommend breaking the organization up by teams and To help you get started, I present a high-level model that then put together a map of: shows how you can build a consistent, • What each team predictable, and sus- consumes tainable innersource • What each team program. Take this produces model, adjust to • How each team taste, and build a works thriving community • How they inter- in your organization. face with other teams Understand • The benefits and Fundamentally, in- disadvantages of nersource is a cul- current systems tural change for a company. Although 2. Understand many people think the people and of this as a tradi- Image by: Internet Archive Book Images. Modified by Opensource.com. CC BY-SA 4.0 drivers tionally software engineering workflow challenge, you need Outside of the collaborative nuts and bolts of how things get to focus instead on building an asynchronous, permissive, done, understanding the people involved is equally critical. meritocratic, and collaborative environment. Of course, this A company brings together a multitude of people, personal- encompasses development workflow, but is not limited to it. ities, and perspectives. You need to understand them, their The challenge with cultural change is that culture is an goals, their fears, and their agendas. Cultural change must amorphous mass of ideas, opinions, habits, fears, dreams, be mindful of the realities of the environment in which it op- values, and more. Before you can integrate innersource into erates. You can’t build an innersource program by dictating . Open Source Yearbook 2016 . Opensource.com 37 ...... COLLABORATING......

it to people—you need to build something that people want Put simply, a backlog is a big, shared to-do list. When you to use and that encourages the behaviors you want to see. have built out your strategy, you map all the individual proj- I recommend building your own organizational chart that ects to the backlog. This provides a place where you can shows: discuss, refine, and improve individual deliverables. When some of these deliverables are ready for implementation, • the breakdown of influence (key stakeholders and deci- they can be pulled off the backlog into an active work plan sion makers), and have resources assigned. This means that you can • where people deliver work (teams and key employees), evolve the implementation of your strategy in the backlog, and even when not actively applying resources. • individual agendas and goals with each person (stop energy, people gunning for certain outcomes, intrinsic 5. Develop a maturity model and extrinsic reward motivations, etc.). One of the challenges I regularly see when I work with cli- ents who want to build innersource into their organizations Plan is that they don’t know what success looks like. Now, that With a firm understanding of the current environment, you sentence right there sounds like business book nonsense, then can build a roadmap of your route to a smooth, efficient, but this issue is real. For example, if you want to improve inclusive, and enjoyable innersource environment. developer efficiency when it comes to code review, how do you determine that this goal was achieved? How do 3. Create a strategic plan you measure the work and determine which measure- Your first step is to build an overall strategy, a complex ments mean you’ve nailed it? For many of these issues, undertaking as you can imagine. Integrating open source you are building qualitative cultural change. How do we principles in a company involves a huge array of different measure that? considerations, such as developer workflow, infrastructure, This challenge is exacerbated by your different audienc- communication, policy (such as openness and transparency), es. Although those involved in the implementation of this incentivization models, segmented engagement, wider mes- work will want to get to the nitty gritty of what success looks saging, governance, and more. like, senior management and stakeholders won’t want the Not only do you have much to do, but as your work priori- details, but instead only want information on important ties will vary (some projects are more urgently required than trends. A useful approach to this is a “maturity model.” others), you will have limited resources, and some colleagues A maturity model breaks the different evolutionary phases in the company will have limited buy-in or even seek to block of a solution into a set of expectations of what success looks the project. like. I tend to think of these different chronological stages, To get people onboard and involved, you need to: in order:

• build a strategy; • Unaware: The company is unaware of the solution. • define priorities; • Explored: The solution is being explored. • get a sense of resourcing; and • Defined:The solution is defined and executed. • factor in messaging, engagement, and roll-out for each • Adopted: The solution is adopted in the company. of these pieces. • Optimized: The solution is being optimized and improved.

I recommend building out an overall wider strategic plan For each of these you would say what to expect. For exam- that maps to the next one or two years, covering the key ple, if you build code review into the company, the entry for areas of focus. Next, break that plan into shorter execution “Explored” could be “A small proportion of teams are actively cycles in which you pull out key goals from the broader plan experimenting with code review in non-critical codebases.” and map them to practical deliverables with metrics. This will form your backlog. Execute With a strategy, backlog, and maturity model in place, you 4. Build a backlog know what you need to do. Now you need to make these Fundamentally, strategy is a map that tells you where you projects happen. want to go. Strategy needs to be converted into practical projects and deliverables that you can apply resources to, 6. Deliver priority projects such as development time, funds, and so on. The challenge With your backlog in place, your first step is to decide is that each strategic objective will invariably involve a multi- which projects to name as priorities in your work plan. De- tude of these sub-projects and goals. The best way to man- ciding this is dependent on which work must be performed age this situation is with a backlog. most urgently and what resources are currently available. . 38 Open Source Yearbook 2016 . Opensource.com Although the urgency of the work is important, resources code, messages, participation, and other examples. You are the really defining criteria here—we can’t build things should never bring a project into the work plan unless you with nothing. have a key way to measure it. I recommend you do this on a cadence (every two weeks, monthly, quarterly, etc.). Bring together key leaders for the 9. Survey your users program, review the backlog, define resourcing, and then fi- Analyzing numbers is convenient, because we usually have nalize the work plan. computers do all the work, but we also need to track human elements, such as happiness, empowerment, inclusivity, and 7. Communicate to different groups other areas. Non-empirical analysis is difficult to do as these With your work plan in place you can start delivery. You things don’t usually map to numbers well. should be defining milestones, metrics, and regularly re- A useful way to get data is to run an anonymous survey viewing deliverables. Given the cultural implications for regularly that asks people how they feel about these human this work, communication—and in some cases, over-com- elements of the innersource experience. The staff must feel munication—is key. We want to ensure the wider compa- comfortable if they are to be critical. You need to give them ny, key stakeholders, leadership, and others have a good express permission to criticize without consequences. sense of: As important as the execution of the survey is, the word- ing of the questions and options is key, too. Wording and • what the strategy is, selections can often inadvertently influence responses, so • what the work plan is, I recommend you have a few people feed into the structure • how that work is being delivered, and of the survey. • what the results of the work are. 10. Update the strategy Bear in mind that these various audiences will have different Once you have this data, ask yourself and the team hard communication needs. Senior leadership will need the over- questions about what trends and patterns these illustrate view and results, key leaders will require more depth, and and how you can refine the overall strategy, re-organize team leads will want the details. the backlog, and adjust how projects are prioritized, built, You will need to create a way of pulling out these overall and managed with others. Of course, helping to bring in- details, design the communication for the right audiences, nersource into a company is a complicated endeavor with and update your audiences regularly (with weekly reports, countless different details, but I hope this article provided for example). Also, be sure to message the entire company an overall framework in which you can fill in the gaps with regularly where appropriate. the pieces that relate to your specific organization.

Review and improve Bringing innersource into a company is an imperfect art Author and science. Companies vary, people vary, and approach- Jono Bacon is a leading community manager, speaker, es vary. You have to roll a program that meets the specific author, and podcaster. He is the founder of Jono Bacon needs that you sought to understand at the beginning of Consulting, which provides community strategy/execution, this process. developer workflow, and other services. He also previous- As such, regularly evaluating your work and assessing ly served as director of community at GitHub, Canonical, how well it is going is critical, because you will need to XPRIZE, OpenAdvantage, and consulted and advised a make suitable changes. Doing this evaluation isn’t easy; range of organizations. Bacon is a prominent author and it can tap into people’s fear of failure, but conquering such speaker on community management and best practice, fear is important. Some things you do will not go well, and and wrote the best-selling The Art of Community (O’Reil- others will deliver sub-optimal results. Identifying the flaws ly), is the founder of the Community Leadership Summit, that negatively affect your work and rectifying them is the founder of the Community Leadership Forum, and is a point of your analysis. regular keynote speaker at events about community man- agement, leadership, and best practice. 8. Gather quantitative data He also writes columns for Forbes and A first step is to gather data—in other words, numbers. For Opensource.com. He lives in the San each project you work on, define a set of metrics you want to Francisco Bay Area in California with his track and how you will read those metrics to determine suc- wife, Erica, and their son, Jack. Follow cess. Examples of these metrics are usage, contributions, him on Twitter: @jonobacon

. Open Source Yearbook 2016 . Opensource.com 39 ...... COLLABORATING ...... cool little open source projects that stood out 7 in 2016 BY D RUTH BAVOUSETT

of the open source input decks and four sampling decks, tools for synchroniza- IN THE EARLY DAYS movement, a lot of tion during cross-fades, key detection and pitch shifting for the attention was on operating systems, and later on large harmonic mixing, and built-in effects. You can play your mix- content management systems. These days, containers are es live, record them, or stream them over the Internet using mentioned regularly even in mainstream news outlets. The SHOUTcast [3] or Icecast [4]. Mixxx has an amazing music big tech stories are great, but they miss the other great ac- library system to let you organize your music in any way you tivity in the niches of the open source space. I’ve rounded like, giving quick access to songs in the library. Mixxx has up seven interesting lesser-known projects from the past comprehensive support for DJ hardware controllers, includ- year. You can see more articles about projects like this in my ing more than 80 of the most popular models. Nooks and Crannies [1] column. Mixxx, mixing Madonna with herself. Don’t judge my music! Mixxx: A DJ’s Swiss Army knife In the late 1980s, I worked as a disc jockey for a local radio station and as a mobile DJ for parties, weddings, and danc- es. It was a lot of fun and wasn’t a hard business to start. You could set up shop with two CD players, a decent mixer and amplification system, and alot of CDs. Thirty years later, what sticks in my head was lugging all those CDs. Sampling was virtually unheard of for mobile DJs back then. Common- ly available computers were expensive and slow enough that playing music from a PC was risky—it would hang while buff- ering at some point during a show. The technology for DJs has dramatically changed in the intervening years. An inexpensive computer can handle ev- I took a look at the Mixxx community, and it’s a robust, erything we could do in the ‘80s, and much more. Mixxx [2] well-organized group of dedicated souls with broad di- is an open source system that acts as a mixer and sampler versity. There are forums, a huge wiki, and excellent bug for a mobile or club DJ. It’s incredibly feature-rich, with four and release tracking all set up and well-established. The community has adopted a well-written code of conduct [5] that discourages problematic behavior among mem- bers. On the wiki, you’ll find great tips on hardware [6] for use with Mixxx, and a Getting Involved page [7] that talks about how even non-programmers can get plugged into the Mixxx community. Mixxx is a C++ application and is available under the GPL v2 license [8] for Windows, OS X, and Linux. Version 2.0 came out in December 2015.

sofa: Not a place for lazy data scientists The R project [9] is a widely used software environment for statistical computing, and its use in data analysis continues Image by: Internet Archive Book Images. Modified by Opensource.com. . . 40 Open Source Yearbook 2016 . Opensource.com Open Source Yearbook 2016 . Opensource.com to rise. The rOpenSci project [10] is producing tools to allow building a network of robotic telescopes. This global array will R to access large repositories of science data and full-text detect transiting exoplanets for further examination by larger journal articles. One of the tools from the rOpenSci team is earth- and space-based telescopes. sofa [11]. Sofa is a kit of tools for allowing easy access in R Each participant builds a robotic telescope using off-the- to CouchDB [12] NoSQL document databases. shelf equipment: A commercially available camera, an Arduino To begin using sofa in a program, you create a server Micro, an Intel NUC, and other easy-to-find components. handle, cleverly called a cushion: You can buy most of the components from Amazon, and the total cost is less than US$ 5,000. These telescopes will myCushion <- Cushion$new( share their data with the project servers, and image analysis host = "myhost.mynet.org", from many units will go into finding potential results. When transport = 'https', desired by the owner, an individual telescope may be taken port = NULL, offline for unrelated observations. This makes it an ideal proj- user = 'username', ect for schools and science educators, as they get to be in- pass = 'mypassword' volved in a larger global project, and have access to a quality ) telescope for their local teaching work. The PANOPTES project is continuing to refine its hard- Once you have a cushion, you can connect to any database ware design. Beta testers for the system are welcome to or create and destroy databases. A database creation is as build one according to the instructions on the website. Much simple as: work also is being done on the centralized observatory con- trol system, which directs each of the robotic telescopes in db_create(myCushion, 'felines') their observations. This is a project worth watching not just for the science it can do, but for learning about a process for Once you’ve created a JSON or XML document, inserting it engaging people in other distributed-science teams. into the database is easy: OpenAPS: Enhancing life quality for Type 1 my_kitty <- '{"name":"Midnight", "color":"black", diabetes patients "furry":true, "size":'large', "gender":"tom"}' One of the high-water marks of OSCON this year for me was doc_create(myCushion, dbname="felines", my_kitty) Dana Lewis’s keynote [18] about OpenAPS [19], a simplified artificial pancreas for Type 1 diabetes patients. OpenAPS You can optionally specify a fourth parameter to the uses currently available medical tools—diabetes pumps and doc_create to force the document ID to a known value. continuous glucose monitors, paired with Raspberry Pi or If you don’t use it, the default is to use an automatically Intel Edison computers. The system takes care of the com- generated hash key. plicated calculations that a pump user normally must do to Ready to query? It’s straightforward: keep their blood glucose levels steady. By updating every five minutes, it’s doing the work in near-real-time 24-hours a day. db_query(myCushion, dbname="felines", selector=list(size = 'large'))$docs This means less hassle for the user during the day, and better sleep at night. This query returns a structure with the full document, including The core belief of this effort is that by open sourcing the ID and revision for all documents that have a size field of large. project code, they can make APS (Artificial Pancreas Sys- There are tools that let you limit your return to specific fields tem) technology available to more people more quickly than and much more complicated searching than this example. current closed-source APS medical research. The OpenAPS Sofa is a great tool for unlocking the data in CouchDB; if team has taken a conservative approach to dosing to help big data is your game, it might be the right tool for you. All keep it safe as well as effective. of rOpenSci’s work is MIT licensed and has a contributor More than 90 units have been deployed, with more than 30 code of conduct [13]. The code is available on GitHub [14]. of those in the summer and fall of 2016, and about a third of the OpenAPS users are children. The community is user-led, PANOPTES: Open source astronomy and new users are welcome. The documentation [20] for build- I interviewed Jennifer Tong and Wilfred Gee from the PAN- ing one of your own is freely available and deeply detailed. It OPTES project [15] in April. I enjoyed their OSCON confer- explains not only the how but the why; with an emphasis on ence [16] presentation, and have been following their website patient safety. [17] for more information about this great project. PANOPT- Many of us who work in IT want to make lives better by ES (Panoptic Astronomical Networked OPtical observato- making computers do interesting things, and OpenAPS is ry for Transiting Exoplanets Survey) is a project harnessing one of the best examples I’ve found of using our open source the power of interested citizen scientists around the world in skills to help our loved ones. . Open Source Yearbook 2016 . Opensource.com 41 41 ...... COLLABORATING......

OpenEMR: Tools for keeping a medical bibisco: The novelist’s friend practice organized In September 2016, I covered bibisco in my column [26]. I’ve always had the impression that doctor’s offices are quite Written by Andrea Feccomandi, bibisco [27] is an open complex places to work. Lots of diverse information must be source alternative to programs like Scrivener [28]. I was im- kept and secured, and the functions that use patient infor- pressed with the polished feature set, and as I said then, I’ve mation are equally diverse. Recently I was surprised to learn been moving my own novel and other writings into it. There about OpenEMR [21], an open source practice-management was only one thing holding me back from full-throated enthu- system. It’s been around a while, having been first devel- siasm for this project, and that was a lack of an OS X client. oped in 2001, under another name. The first release was out Andrea packaged it for Windows and 32- and 64-bit Linux. A in 2002, under the GPL V2.0 license. friend of mine made things sort of work, with a lot of finesse, The feature list is impressive. Besides a robust patient re- on his Mac, but it was a mystery to me how to do it. cords system, OpenEMR has a built-in medical billing sys- Bibisco has really revolutionized the way I’m writing tem that can take part in the major billing clearing houses my novel. For each of the scenes in a chapter, I’ve got a using ANSI ASC X12 [22] and can use any coding system separate entry with a one-line title describing that scene. I desired. OpenEMR also handles online prescription order- can use these entries as a storyboard for the chapter, re- ing, using ePrescribe [23], as well as more traditional print, arranging them as I desire. Each chapter can be tagged fax, or email methods. If installed as a service, OpenEMR with locations and characters, and I can get reports on how also has a patient portal system to handle communications often those appear across the book. I’ve made a fair bit of with patients. If an office already has a popular patient por- progress since finishing the switchover, and I couldn’t be tal system in use, the system can communicate via API and happier. There was that one nagging little problem, though. use that instead. I could only work on the novel at home where I have a Win- dows machine; my Macbook just couldn’t do it. Imagine my The OpenEMR Patient Information screen surprise a few days after the release of the article when An- drea commented and told the world that he had purchased a Mac so that he could release the OS X client. Then, a month later, he commented again, announcing the release of the OS X client on the website.

Pa11y: Automated accessibility testing One oft-ignored element of web design is accessibility. Many of the guidelines are hard to test, but there are a number of specific, testable criteria that designers can use—if they have the right tool for the job. Enter Pa11y [29], a suite of tools for one-off or automated testing of web pages for ac- cessibility against a broad list of criteria sets. Installation of the basic toolkit is easy with npm, so you can test your pages OpenEMR offers a staggering list of reports, and one fea- right away and get feedback and specific suggestions for im- ture that caught my eye is that it is supported in more than 20 provement. If your organization would like to do ongoing or languages and has the ability to support multiple languages periodic testing of pages, installing the dashboard and web in the same clinic. This is a nice feature to have in diverse service is straightforward. You can see a demo of this dash- cities with large populations of non-local-language speakers, board at demo.pa11y.org [30]. as each user can choose their own language set. OpenEMR The community is actively working on a new version of its is fully UTF-8 compliant. website, which includes much more detailed information for With an estimated 5,000+ installs in the US alone, Open- developers and others wanting to contribute. The group has EMR has a thriving community of users and developers. adopted a code of conduct [31] adapted from the Contributor The OEMR Foundation [24] is a US charitable organization Covenant [32]. They are also beginning work on a new, more set up to support OpenEMR adoption and development refined version of the dashboard application called Sidekick. to promote more affordable healthcare for all. There are Coding has begun on that project, which the team is dedicat- highly active forums for users and developers to discuss ed to designing and developing completely in the open, in a their needs and get help with the application. More than 30 GitHub repository [33]. companies globally are providing commercial hosting and/ or support of OpenEMR. It’s not a Thneed [25] (a fine thing And more that all people need, according to Dr. Seuss), but it’s cer- Every year, several hundred new open source projects tainly a great open source success story. appear. As much as I’d love to, covering them all is not . 42 Open Source Yearbook 2016 . Opensource.com possible. The projects in this roundup are only a few of the 21. http://www.open-emr.org/ many worth watching in the next year. Let us know about 22. http://www.x12.org your project—submit an article proposal [34]. 23. http://www.open-emr.org/wiki/index.php/OpenEMR_ePrescribe 24. http://www.oemr.org/ Resources 25. http://seuss.wikia.com/wiki/Thneed 1. https://opensource.com/tags/nooks-and-crannies 26. https://opensource.com/life/16/9/bibisco-tool-novelists 2. http://mixxx.org 27. http://www.bibisco.com 3. https://www.shoutcast.com/ 28. https://www.literatureandlatte.com/scrivener.php 4. http://icecast.org/ 29. http://pa11y.org/ 5. https://github.com/mixxxdj/mixxx/blob/master/CODE_OF_ 30. http://demo.pa11y.org/ CONDUCT.md 31. http://pa11y.github.io/contributing/code-of-conduct/ 6. http://mixxx.org/wiki/doku.php/hardware_compatibility 32. http://contributor-covenant.org/version/1/4/ 7. http://mixxx.org/wiki/doku.php/getting_involved 33. https://github.com/pa11y/sidekick 8. https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html 34. https://opensource.com/story 9. https://www.r-project.org/ 10. http://ropensci.org/ 11. https://github.com/ropensci/sofa Author 12. http://couchdb.apache.org/ D Ruth Bavousett has been a system administrator and 13. https://github.com/ropensci/sofa/blob/master/CONDUCT.md software developer for a long, long time, getting her pro- 14. https://github.com/ropensci/sofa fessional start on a VAX 11/780, way back when. She 15. https://opensource.com/life/16/4/oscon-interview-wilfred-​ spent a lot of her career (so far) serving the technology gee-panoptes needs of libraries, and has been a con- 16. http://conferences.oreilly.com/oscon tributor since 2008 to the Koha open 17. http://www.projectpanoptes.org source library automation suite. Ruth 18. https://opensource.com/life/16/5/openaps-oscon-dana-lewis is currently a Perl Developer at cPanel 19. https://openaps.org in Houston, and also serves as chief of 20. https://openaps.readthedocs.io/en/latest/index.html staff for one large cat.

The conversation continues—in the open. Download 3 free books today, and join us at opensource.com/open-organization

. Open Source Yearbook 2016 . Opensource.com 43 ...... COLLABORATING ...... 9 lessons from years of Linux kernel development 25 BY GREG KROAH-HARTMAN

projects. It may be many years before we fully understand BECAUSE THE LINUX KERNEL the keys to the Linux kernel’s success, but there are a few community celebrated a quarter-century of development lessons that stand out even now. in 2016, many people have asked us the secret to the project’s longevity and success. I usually laugh and joke 1. Short release cycles are important. that we really have no idea how we got here. The project In the early days of the Linux project, a new major ker- has faced many disagreements and challenges along the nel release only came once every few years. That meant way. But seriously, the reason we’ve made it this far has considerable delays in getting new features to users, which a lot to do with the community’s capacity for introspection was frustrating to users and distributors alike. But, more and change. importantly, such long cycles meant that huge amounts of About 16 years ago, most of the kernel developers had code had to be integrated at once, and that there was a never met each other in person—we’d only ever interacted great deal of pressure to get code into the next release, over email—and so Ted T’so [1] came up with the idea of a even if it wasn’t ready. Kernel Summit [2]. Now every year kernel developers make Short cycles address all of these problems. New code is a point to gather in person to work out technical issues and, quickly made available in a stable release. Integrating new crucially, to review what we did right and what we did wrong code on a nearly constant basis makes it possible to bring over the past year. Developers can openly and honestly in even fundamental changes with minimal disruption. And discuss how they interact with each other and how the de- developers know that if they miss one release cycle, there velopment process works. And then we make changes that will be another one in two months, so there is little incentive improve the process. We make new tools, like Git [3], and to try to merge code prematurely. constantly change how we work together. Over time, this evolution has created a resiliency that has 2. Process scalability requires a distributed, allowed the project to go from one strength to the next while hierarchical development model. avoiding the forks that have split the resources of competing A long time ago, all changes went directly to Linus Torvalds, but that quickly proved unwieldy as no one single person can keep up with a project as diverse as an operating system kernel. Very early the idea of maintainers of different areas of the kernel came about, where the responsibility of a por- tion of the kernel was assigned to an individual familiar with that area. Examples of this is networking, wireless, different driver subsystems like PCI or USB, or different individual filesystems like ext2 or vfat. Spreading out the responsibil- ity for code review and integration across many hundreds of maintainers gives the project the resources to cope with tens of thousands of changes per release, without sacrificing review or quality. Image by: Internet Archive Book Images. Modified by Opensource.com. . . 44 Open Source Yearbook 2016 . Opensource.com Open Source Yearbook 2016 . Opensource.com 3. Tools matter. 7. There should be no internal boundaries Kernel development struggled to scale until the advent of within the project. the BitKeeper [4] Kernel developers are necessarily focused on specific source-code man- Without the right tools, a parts of the kernel, but any developer can make a change agement system project like the kernel would to any part of the kernel if the change can be justified. As changed the com- a result, problems are fixed where they originate rather simply be unable to function munity’s practices than being worked around, developers have a wider view nearly overnight; without collapsing under its of the kernel as a whole, and even the most recalcitrant the switch to Git own weight. maintainer cannot indefinitely stall needed progress in any brought about an- given subsystem. other leap forward. Without the right tools, a project like the kernel would simply be unable to function without collapsing 8. The kernel shows that major developments can under its own weight. spring from small beginnings. The original 0.01 kernel was a mere 10,000 lines of code; 4. The kernel’s strongly consensus-oriented model is now it grows by more than that every two days. Some of the important. rudimentary, tiny features that developers are adding now As a general rule, a proposed change will not be merged will develop into significant subsystems in the future. if a respected developer is opposed to it. This can be in- tensely frustrating to developers who find code they have 9. Above all, 25 years of kernel history show that put months into blocked on the mailing list. But it also en- sustained, cooperative effort can bring about common sures that the kernel remains suited to a wide ranges of resources that no group would have been able to users and problems. No particular user community is able develop on its own. to make changes at the expense of other groups. As a Since 2005, some 14,000 individual developers from more result, we have a single codebase that scales from tiny than 1,300 different companies have contributed to the ker- systems to supercomputers and that is suitable for a huge nel. The Linux kernel, thus, has become a common resource range of uses. developed on a massive scale by companies that are fierce competitors in other areas. 5. The kernel’s strong “no regressions” rule is also These takeaways, and more detailed information on Linux important. kernel development, can be found in the 2016 Linux Kernel De- Over a decade ago the kernel developer community made velopment Report [5], co-written with LWN’s [6] Jon Corbet. the promise that if a given kernel works in a specific set- Libby Clark contributed to this article. ting, all subsequent kernels will work there, too. If the community finds out that a change caused a regression, Resources they work very quickly to address the issue. The rule gives [1] https://thunk.org/tytso/ users assurance that upgrades will not break their sys- [2] http://events.linuxfoundation.org/events/linux-kernel-summit tems; as a result, they are willing to follow the kernel as it [3] https://opensource.com/search/apachesolr_search/git develops new capabilities. [4] http://www .bitkeeper.com/ [5] https://www .linux.com/publications/linux-kernel-development-​ 6. Corporate participation in the process is crucial, but how-fast-it-going-who-doing-it-what-they-are-doing-and- no single company dominates kernel development. who-5 Some 5,062 individual developers representing nearly 500 [6] https://lwn.net/ corporations have contributed to the Linux kernel since the 3.18 release in December of 2014. The majority of devel- Author opers are paid for their work—and the changes they make Greg is a Linux kernel maintainer and a serve the companies they work for. But, although any com- Linux Foundation fellow. pany can improve the kernel for its specific needs, no com- pany can drive development in directions that hurt the others or restrict what the kernel can do.

. Open Source Yearbook 2016 . Opensource.com 45 45 ...... COLLABORATING ......

A tour of Google’s 2016 open source releases BY JOSH SIMMONS

enables that allowed for ease of management, including automated OPEN SOURCE SOFTWARE Google deployment of configuration changes.” to build things quickly and efficiently without reinventing the wheel, allowing us to focus on solving new problems. Vendor Security Assessment Questionnaire (VSAQ) We stand on the shoulders of giants, and we know it. This We assess the security of hundreds of vendors every year, is why we support open source [1] and make it easy for and have developed a process to automate much of the Googlers to release the projects they’re working on inter- initial information-gathering with VSAQ [12]. Many ven- nally as open source. dors found our questionnaires intuitive and flexible, so we We’ve released more than 20-million lines of open source decided to shared them. The VSAQ framework includes code to date, including projects such as Android, Angular, four extensible questionnaire templates covering web ap- Chromium, Kubernetes [2], and TensorFlow. Our releases plications, privacy programs, infrastructure, and physical also include many projects you may not be familiar with, and data center security. You can learn more about it in such as Cartographer [3], Omnitone [4], and Yeoman [5]. our announcement blog post [13]. Looking back at the projects we’ve open sourced in 2016, there’s a lot to be excited about. We have released open OpenThread source software [6], hardware [7], and datasets [8]. Let’s OpenThread [14], released by Nest [15], is a complete im- take a look at some of this year’s releases. plementation of the Thread [16] protocol for connected de- vices in the home. This is especially important because of Seesaw the fragmentation we’re seeing in this space. Development Seesaw [9] is a Linux Virtual Server-based [10] load-bal- of OpenThread is supported by ARM, Microsoft, Qualcomm, ancing platform developed in Go by our site reliability en- Texas Instruments, and other major vendors. gineers. Seesaw, like many projects, was built to scratch our own itch. Magenta From our blog Can we use machine post announcing its learning to cre- release [11]: “We ate compelling art needed the ability and music? That’s to handle traffic for the question that unicast and any- animates Magen- cast VIPs, perform ta [17], a Tensor- load balancing with Flow-based project NAT and DSR (also from the Google known as DR), Brain team [18]. The and perform ade- aim is to advance the quate health checks state of the art in ma- against the back- chine intelligence for ends. Above all we music and art gen- wanted a platform eration, and to build Image by: Travis Wise. CC BY-SA 2.0 . . 46 Open Source Yearbook 2016 . Opensource.com Open Source Yearbook 2016 . Opensource.com a collaborative community of artists, coders, and ma- 5. http://yeoman.io/ chine-learning researchers. Read the release announce- 6. https://opensource.googleblog.com/2016/04/cctz-v20-now- ment [19] for more information. with-more-civil-time.html 7. https://opensource.googleblog.com/2016/07/announcing- Omnitone open-source-adc-board-for.html Virtual reality (VR) isn’t nearly as immersive without spa- 8. https://opensource.googleblog.com/2016/10/introducing- ​ tial audio, and much of VR development is taking place on open-images-dataset.html proprietary platforms. Omnitone [20] is an open library built 9. https://github.com/google/seesaw by members of the Chrome team that brings spatial audio 10. http://www.linuxvirtualserver.org/ to the browser. Omnitone builds on standard Web Audio 11. https://opensource.googleblog.com/2016/01/seesaw-scalable-​ APIs to deliver an immersive experience and can be used and-robust-load.html alongside projects such as WebVR [21]. Find out more in 12. https://github.com/google/vsaq our blog post announcing the project’s release [22]. 13. https://opensource.googleblog.com/2016/03/scalable-vendor-​ security-reviews.html Science Journal 14. http://github.com/openthread/openthread Today’s smartphones are packed with sensors that can 15. https://nest.com/ tell us interesting things about the world around us. We 16. http://threadgroup.org/ launched Science Journal [23] to help educators, stu- 17. http://github.com/tensorflow/magenta dents, and citizen scientists tap into those sensors. You 18. https://research.google.com/teams/brain/ can learn more about the project in our announcement 19. https://magenta.tensorflow.org/welcome-to-magenta blog post [24]. 20. https://github.com/GoogleChrome/omnitone 21. https://webvr.info/ Cartographer 22. http://google-opensource.blogspot.com/2016/07/omnitone-​ Cartographer [25] is a library for real-time simultaneous spatial-audio-on-web.html localization and mapping (SLAM) in 2D and 3D with Robot 23. http://googleforeducation.blogspot.com/2016/05/inspiring-​ Operating System (ROS) support [26]. Combining data future-makers-and-scientists.html from a variety of sensors, this library computes positioning 24. http://google-opensource.blogspot.com/2016/08/opening-​ and maps surroundings. This is a key element of self-driv- up-science-journal.html ing cars, UAVs, and robotics, as well as efforts to map 25. https://github.com/googlecartographer the insides of famous buildings [27]. More information on 26. http://www.ros.org/about-ros/ Cartographer can be found in our blog post announcing 27. https://www.zeitgeistminds.com/talk/5604289821016064/ its release [28]. amit-sood-the-peoples-museum-amit-sood This collection is just a small sampling of what we’ve re- 28. http://opensource.googleblog.com/2016/10/introducing-​ leased this year. Follow the Google Open Source Blog [29] cartographer.html to stay apprised of Google’s open source software, hard- 29. https://opensource.googleblog.com/ ware, and data releases.

Resources Author 1. https://developers.google.com/open-source/ Josh Simmons is a community organizer 2. https://opensource.com/resources/what-is-kubernetes and short stack web developer who works 3. https://opensource.googleblog.com/2016/10/introducing-​ on the Google open source outreach team cartographer.html and sits on the OSI board of directors. You 4. https://opensource.googleblog.com/2016/07/omnitone-spatial-​ can find him on Twitter: @joshsimmons audio-on-web.html

. Open Source Yearbook 2016 . Opensource.com 47 47 ...... COLLABORATING ......

Linux news stories of 2016 TOP 10 BY SCOTT NESBITT

made development, was LINUX quite pragmatic rather a few headlines than ideological, in 2016. Although the kernel was 2016 wasn’t the designed to be much-anticipated practical, and Li- Year of Linux on the nux managed to Desktop, it was still rally a community a big year for the around itself. Image by: Internet Archive Book Images. Modified by Opensource.com. CC BY-SA 4.0 open source move- ment’s poster child. Let’s take a look at 10 of the biggest 2. Fedora 25 becomes the first major Linux Linux news stories from the past year. distro to ship with Wayland enabled by default As we reported in November 2016, Fedora 25 rolled out 1. Linux turns 25 with Wayland as the default display protocol on compati- They grow up so quickly. It’s hard to believe that 25 years ble machines. Wayland was development as modern, sim- ago Linus Torvalds announced [1] to the comp.os.minix Usen- pler replacement for the X Window System. In a March et group that he was “doing a (free) operating system (just a 2016 blog post, “Why Wayland Anyway?” [3], developer hobby, won’t be big and professional like gnu) for 386(486) AT Matthias Clasen outlined benefits of Wayland, including clones.” Since 1991, Linux has grown beyond even Torvalds’ that it isolates clients from each other; it’s a better fit for dreams. It’s not a stretch to say that Linux is everywhere. Cor- modern, compositing-based display system (i.e., it doesn’t porations large and small use Linux, and it powers computers, include unnecessary “baggage,” such as core fonts or mobile devices, and connected hardware. Critical infrastruc- core rendering); and it will be a good foundation for en- ture relies on the stability and flexibility of Linux. abling features that are hard to support under X (e.g., Why, despite its humble beginnings and the opposition it’s input transformation or smooth transitions between com- faced from certain corners of the technology world, did Linux posited desktop and fullscreen clients). not only survive but also thrive? Christopher Tozzi, writing Fedora 25 with Wayland received rave reviews from at The VAR Guy website [2], suggests that Linux succeed- users. In an Ars Technica article, “Fedora 25: With Way- ed for four reasons: It adopted a decentralized approach to land, Linux has never been easier (or more handsome)” [4], . . 48 Open Source Yearbook 2016 . Opensource.com Open Source Yearbook 2016 . Opensource.com writer Scott Gilbertson says, “This is perhaps the biggest 5. Russia moves to embrace Linux change to come in the Linux world since the move to sys- As Munich considers moving away from Linux, Russia is mov- temd. However, unlike that systemd transition, the switch ing toward embracing Linux and open source. The Duma, to Wayland was so seamless I had to logout and double Russia’s parliament, drafted a law [13] giving preference to check that I was in fact using Wayland.” And in his an open source software and requiring government agencies article on TechRepublic, “Fedora 25: Bleeding edge and to justify purchases of proprietary solutions. A big part of this bloody brilliant” [5], Jack Wallen says, “There are those move is based around security concerns. Most of the coun- in the community who believe it’s still too early to be us- try’s digital infrastructure runs on software from US-based ing Wayland as the default compositor protocol. Howev- companies, such as Microsoft, Oracle, and IBM. The Russian er, after using Fedora 25 for a while, it’s quite clear that government claims that the software from those companies Wayland is well beyond ready. GNOME on Wayland was poses security risks, such as hidden backdoors into the soft- much improved. Windows were smoother and faster to ware. Although the public and private sectors in Russia are open and the stability of the desktop was a slight step warm to open source, a few barriers must be overcome, such ahead of X11.” Keep an eye out for Wayland to make more as a lack of local companies who can provide support, and headlines in 2017. few open source companies have offices in Russia.

3. Microsoft cozies up to Linux 6. Linux powers the world’s fastest supercomputers Over the past couple of years, Microsoft has been back- For years, Linux has been at the heart of the fastest, most tracking on its aggressive rhetoric against Linux and open powerful supercomputers on the planet. This trend continued source. In fact, the company has been actively and publicly in 2016 [14] with Linux ruling the roost as the operating sys- embracing its one-time sworn enemy. But in 2016, the com- tem of choice for makers of supercomputers. In the TOP500 pany further shocked the Linux and open source world with 2016 [15] rankings of high performance computers, Linux several moves. Microsoft joined the Linux Foundation [6] as powers 497 of the 500 machines on the list. That means a Platinum member, a membership tier that includes com- 99.4% of the fastest supercomputers use Linux as their soft- panies such as Cisco, Fujitsu, IBM, and Intel. Other small- ware heart. The other three run IBM’s AIX (a UNIX deriva- er—but more surprising—moves were making PowerShell tive), and the highest-ranking of those computers comes [7] and SQL Server 2016 [8] available for Linux (however, in at 281st place on the list. only PowerShell is open source), and bringing the Bash shell to Windows 10 [9]. 7. Automotive Grade Linux heads toward These moves have been greeted with open arms, and becoming a de-facto standard with more than a bit of skepticism. On one hand, analysts If Linux isn’t already in your car, it will be soon. That’s the anticipate Microsoft’s platform to integrate and operate bet- idea behind the Linux Foundation’s Automotive Grade Linux ter with Linux and open source applications. On the other [16] (AGL) project. Although Automotive Grade Linux has hand, many people in the open source community view Mi- been kicking around for a few years, it picked up addition- crosoft’s coziness with Linux and open source as an- al steam [17] in 2016 when several technology companies, other step in Microsoft’s embrace, extend, and extinguish including Oracle, Qualcomm, and Texas Instruments, joined [10] strategy. the project. ”The automotive industry needs a standard open operat- 4. Munich makes noise about abandoning Linux ing system and framework to enable automakers and suppli- In 2004, the city of Munich in Germany made headlines ers to quickly bring smartphone-like capabilities to the car,” by starting a project to replace Windows and Microsoft Dan Cauchy, the project’s general manager, says in an early Office on thousands of PCs with a custom Linux distribu- 2016 project update [18]. The tech firms that joined the proj- tion called LiMux, OpenOffice.org, and, later, LibreOffice. ect along with a number of automakers are working to build That experiment seems to be over, as Munich’s govern- a common, standard platform for controlling all aspects of a ment is debating a report [11] that recommends moving car’s operations. back to Microsoft’s products. The announcement was sur- prising because the city declared the shift to Linux and 8. Popular Linux distribution Mythbuntu packs it in open source a success in 2013 [12]. Although most users The year 2016 saw the end of the line for one popular Linux haven’t had a problem with the migration, various munici- distribution. The developers behind Mythbuntu, the backbone pal departments are pushing to go back to using Windows of the open source MythTV digital video recorder, decided to and Microsoft Office. But it’s not all bleak news for Linux discontinue the project [19]. Thomas Mashos, a coder with in Munich. If the shift does happen, the city plans to use the project, says a lack of developers led to the decision. LiMux alongside Windows, and LiMux would continue to The team went from 10 developers down to 2, which caused be updated. delays to updates and new Mythbuntu releases. . Open Source Yearbook 2016 . Opensource.com 49 49 ...... COLLABORATING......

MythTV isn’t dead, however. The core software is still [6] https://www .linuxfoundation.org/announcements/​microsoft-​for- available, and the Mythbuntu team suggests that instead tifies-commitment-to-open-source-becomes-​linux-foundation-​ of Mythbuntu, users install a distribution such as Xubuntu. platinum Users can install the MythTV packages using the Mythbun- [7] http://www.tomsitpro.com/articles/microsoft-power- tu Personal Package Archive, which will continue to contain shell-open-source-linux-mac,1-3353.html MythTV updates. [8] http://thevarguy.com/open-source-application-software-​ companies/microsoft-loves-open-source-servers-sql-​ 9. KDE turns 20 server-2016-comes The Kool Desktop Environment—more commonly known [9] https://techcrunch.com/2016/03/30/be-very-afraid-hell-has- as KDE—turned 20 years old. In his October 1996 an- frozen-over-bash-is-coming-to-windows-10/ nouncement [20], Matthias Ettrich wrote, “The idea is [10] https://en.wikipedia.org/wiki/Embrace%2C_extend_and_ NOT to create a GUI for the complete UNIX-system or the extinguish System-Administrator. ... The idea is to create a GUI for [11] http://www.techrepublic.com/article/open-source-pioneer- an ENDUSER. Somebody who wants to browse the web munich-debates-report-that-suggests-abandoning-linux-for- with Linux, write some letters and play some nice games.” windows-10/ To learn more about the history of the KDE project, visit [12] http://www.theregister.co.uk/2013/12/16/munich_signs_off_ timeline.kde.org [21]. Also check out David Both’s list of 9 on_open_source_project/ reasons to use KDE [22]. [13] http://www.zdnet.com/article/ibm-microsoft-oracle-beware- russias-pushing-open-source-and-sees-you-as-security- 10. Linux kernel bug threatens 1.4 billion Android threat/ devices [14] http://www.zdnet.com/article/linux-and-china-rule-super- You’re probably wondering how a bug in the Linux kernel computing-in-2016/ could be a problem for Android. Well, Android is built on top [15] https://www.top500.org/ of version 3.6 of the kernel. The bug, an issue with the Trans- [16] https://www.automotivelinux.org/ port Control Protocol in that version of the kernel, put 80% [17] http://www.zdnet.com/article/the-linux-in-your-car-movement-​ of Android devices (about 1.4 billion of them) at risk [23]. gains-momentum/ Although it wasn’t one of the most severe Android security [18] https://www.linux.com/blog/car-makers-rev-automotive- bugs, it left Android devices open to spying when they con- grade-linux-ces nected to the Internet. Still, researchers said the flaw was [19] https://opensource.com/life/16/11/news-november-12 simple enough for anyone with minor technical skills to ex- [20] https://www.kde.org/announcements/announcement.php ploit. Linux developers quickly patched the bug, and the fix [21] https://timeline.kde.org/ was passed to mobile carriers and handset makers to pass [22] https://opensource.com/life/15/4/9-reasons-to-use-kde along to their customers. [23] http://www.computerworld.com/article/3108618/security/​​ 1-4-billion-android-devices-vulnerable-to-hijacking-​thanks- Resources to-​linux-tcp-bug.html [1] https://www.learnlinux.ie/content/linus-torvalds-original-​ announcement-usenet [2] http://thevarguy .com/open-source-application-software-​ Author companies/050415/open-source-history-why-did-​linux-​ Writer. Technology coach. Soldier of fortune. Ocelot wran- succeed gler. Husband and father. Blogger. Collector of pottery. [3] https://blogs.gnome.org/mclasen/2016/03/04/why-way - Scott Nesbitt is a few of these things. He’s land-anyway/ also a long-time user of free/open source [4] http://arstechnica.com/gadgets/2016/12/fedora-25-review- software who extensively writes and blogs the-best-linux-distro-of-2016-arrived-at-the-last-moment/ about it. You can find Scott on Twitter [5] http://www .techrepublic.com/article/fedora-25-bleeding- (@ScottWNesbitt), GitHub, and GitLab. edge-and-bloody-brilliant/

. 50 Open Source Yearbook 2016 . Opensource.com ...... COLLABORATING 2016 Hacktoberfest ignites open source participation BY BEN COTTON

[1] launched Hacktoberfest [2] DIGITALOCEAN in 2014 to encourage contri- bution to open source projects. The event was a clear suc- cess, and in terms of attendance and participation goals reached, it’s also clear that Hacktoberfest has become a powerful force in driving contributions to open source. The lure of a t-shirt and specific, time-limited goals help new con- tributors get started and encourage existing contributors to rededicate themselves and their efforts. The third year continued the momentum. In fact, early Image by: Library of Congress. Modified by Opensource.com. in the month, community management manager Daniel Zaltsman [3] told Opensource.com that 2016 already sur- berfest provided an extra incentive to contribute back,” partici- passed last year’s results. pant Aditya Dalal [7] told DigitalOcean. “Over time, I continued At month’s end, 10,227 of the 29,616 registered participants contributing and ended up as a maintainer, focusing on triag- had opened four pull requests in order to complete Hackto- ing issues and making the contribution process as simple as berfest successfully. Although the success rate of 34.5% was possible, which I like to think we have succeeded at.” down slightly from 2015, the number of participants who com- His participation illustrates the momentum that Digita- pleted the event was up dramatically. The number of people lOcean has tried to build into the Hacktoberfest events. Forty who completed Hacktoberfest 2016 was more than two-thirds events were held in 29 cities across 12 countries. For 2016, of last year’s total registrant count. Registration was up more they created a Hacktoberfest-themed meetup kit to encour- 97% from last year, with success up 79%. And 92,569 pull age social participation. Although this year got more internal requests were opened, which is an 89% increase. Momentum teams involved, for 2017 organizers want to further increase may be a bit of an understatement. community participation. One interesting number that stood out in the final analysis Interesting trivia stands out from the 2016 stats. Contri- was the nearly 1:1 ratio of registered participants to contrib- butions were spread roughly equally across the days of the uted projects—29,287 repositories received pull requests week, but Monday had the highest number of pull requests. from Hacktoberfest 2016 participants. homebrew-cask [4] Monday also happened to be the last day of the month, received the most (310), with home-assistant [5] (265) and which meant a flurry of last-minute pull requests as people manageiq [6] (231) close behind. tried to earn their t-shirt. When the last day’s pull requests Although the basic mechanics of participation did not change are removed, Monday becomes the second slowest day. for this year, DigitalOcean made a few changes to improve the When normalized for the number of times the day occurred experience for project maintainers. This year, maintainers were in the month, Wednesday was the most active day, with the encouraged to create a Hacktoberfest label and apply that to weekends being the slowest. issues where newcomers could make a contribution. GitHub Can 2017 continue building on the first three years? We’ll provides site-wide search, so the 15,000-plus labeled issues find out next October. could be found quickly by people who didn’t know which project to start on, but who wanted to make a contribution. Additionally, Resources pull requests marked “Invalid” were not counted toward a par- [1] https://www.digitalocean.com/ ticipant’s total. The net result was to prevent trivial or no-op pull [2] https://hacktoberfest.digitalocean.com/ requests from overburdening project maintainers. [3] https://twitter.com/Zaltsman Some Hacktoberfest participants have gone on to be proj- [4] https://github.com/caskroom/homebrew-cask/ ect maintainers. “I actually started contributing to open source [5] https://github.com/home-assistant/home-assistant/ in a meaningful way because of Hacktoberfest. Homebrew [6] https://github.com/ManageIQ/manageiq/ Cask was a convenient tool in my daily usage, and Hackto- [7] https://github.com/adidalal . Open Source Yearbook 2016 . Opensource.com 51 Most Playful Top 7 Linux games

of 2016 BY ROBIN MUILWIJK

Counter-Strike: Global IN THE 2015 Offensive Open Source Yearbook [1] The classic first-person shoot- I looked at the best open er Counter-Strike [7] game was source games [2]. This year, launched 14 years ago and is with the continuing growth of now touted as the “world’s #1 Linux gaming, I’ve rounded online action game”. Count- up the top Linux games on er-Strike: Global Offensive [8] Steam [3]. On an average has since seen many updates, day, some of these games [4] Image by: NASA on the Commons and Internet Archive Book Images. such as new maps, charac- are played by almost a million Modified by Opensource.com. ters, and weapons, based on players. I included both free and non-free games on my list. the classic Counter-Strike. Counter-Strike: Global Offensive is available on Steam [9] for US$ 14.99. Bundle pricing is also Dota 2 available. By far the most-played game on Steam is Dota 2 [5]. At times, Dota 2 reaches close to a million concurrent online Team Fortress 2 players. This action and strategy game originates from a Team Fortress 2 [10] is a multi-player action game, de- Warcraft 3 modification. Players can select from hundreds veloped by Valve [11], creator of Steam. Team Fortress 2 of heroes, to team up and “battle their Dire counterparts to has seen more than 400 updates in the past six years, and control a gorgeous fantasy landscape, waging campaigns of continues to be updated with new game modes, maps, and cunning, stealth, and outright warfare.” Dota 2 is free to play, more. Team Fortress 2 is available on Steam [12] and is free and exclusively available on Steam [6]. to play.

Figure 1: Dota 2 screenshot by Colony of Gamers. CC BY-NC 2.0 Figure 2: Team Fortress 2 screenshot by Terry Robinson. CC BY-NC 2.0

. 52 Open Source Yearbook 2016 . Opensource.com Most Playful

ARK: Survival Evolved ARK: Survival Evolved [13] is an action-filled role playing game that will put you through lots of adventure—from sur- vival, to riding dinosaurs. “As a man or woman stranded na- ked, freezing and starving on a mysterious island, you must hunt, harvest, craft items, grow crops, and build shelters to survive,” the site explains. ARK: Survival Evolved is avail- able on Steam [14] (Early Access) for US$ 29.99.

Figure 3: ARK: Survival Evolved screenshot by Tamahikari Tammas. CC BY-NC 2.0

build and play. “You spawn objects and weld them togeth- er to create your own contraptions—whether that’s a car, a rocket, a catapult or something that doesn’t have a name yet—that’s up to you,” the site explains. Garry’s Mod is avail- able on Steam [18] for $US 9.99.

Figure 4: Garry’s Mod screenshot by DoctorButtsMD. CC BY-NC 2.0

Football Manager 2017 In Football Manager 2017 [15] you can pick from 2,500 real clubs and take control over your favorite team. Football Man- ager 2017 claims to be “the most realistic and immersive football management game to date.” The game allows you to control transfers and who plays or sits on the bench, all while you watch the game live through the 3D match engine. Football Manager 2017 is available in the Steam store [16] for US$ 59.99. Sid Meier’s Civilization V Civilization [19] is a turn-based strategy game in which you Garry’s Mod attempt to build an empire. If you can stand the test of time, Garry’s Mod [17] is a sandbox game and lacks any objec- you can become ruler of the world “by establishing and lead- tives. The makers provide you with tools, and leave you to ing a civilization from the Stone Age to the Information Age.” . Open Source Yearbook 2016 . Opensource.com 53 The game allows you to play its default maps and scenarios. Resources But you can also create your own or download player-created (For links to original images in this article, visit: http://red.ht/​ maps and scenarios. Civilization is available on Steam [20] 2i2Y5sB) for US$ 69.99. [1] https://opensource.com/yearbook/2015 [2] https://opensource.com/life/15/12/top-5-open-gaming Honorable mentions [3] http://store.steampowered.com/linux Because this list focuses on Linux games available on [4] http://store.steampowered.com/stats/ Steam, I also want to mention two other popular open [5] http://blog.dota2.com/?l=english source games that can be played on Linux and that have a [6] http://store.steampowered.com/app/570/ native client: [7] http://blog.counter-strike.net/ [8] http://blog.counter-strike.net/ The Battle for Wesnoth [9] http://store.steampowered.com/app/730/ Gamers that prefer a turn-based tactical strategy game [10] http://www.teamfortress.com/index.php will love The Battle for Wesnoth [21], which is free. Mak- [11] http://www.valvesoftware.com/ ing this game unique is its high fantasy theme. The game [12] http://store.steampowered.com/app/440/ allows you to build your own army, out of 200 unit types, [13] http://www.playark.com/ and it includes 16 races, 6 major factions, and hundreds [14] http://store.steampowered.com/app/346110/ of years of history. As player, you are the heir to Wesnoth, [15] http://www.footballmanager.com/ and you fight to regain its throne. “The world of Wesnoth [16] http://store.steampowered.com/app/482730/ is absolutely huge and only limited by your creativity— [17] http://www.garrysmod.com/ make your own custom units, create your own maps, and [18] http://store.steampowered.com/app/4000/ write your own scenarios or even full-blown campaigns,” [19] https://civilization.com/ the site explains. [20] http://store.steampowered.com/app/8930/ [21] http://www.wesnoth.org/ 0 A.D. [22] http://play0ad.com/ 0 A.D. [22] is a free historical real-time strategy game. 0 A.D. is unique in its graphics and rendering. As leader of an an- Author cient civilization, your goal is to gather the resources you Robin Muilwijk is Advisor Internet and e-Government. He need to raise a military force and dominate your enemies. also serves as a community moderator for Your civilizations and battles take part over the millennium Opensource.com and as ambassador for of 500 B.C. to 500 A.D. (hence, the name of this game being The Open Organization. Robin is Chair of the midpoint: 0 A.D.) the eZ Community Board, and Communi- ty Manager at eZ Systems. Follow Robin on Twitter: @i_robin

. 54 Open Source Yearbook 2016 . Opensource.com ...... COLLABORATING

Open source diversity efforts gain momentum in 2016 BY NITHYA RUFF

is pervasive, shouldn’t the peo- The Linux Foundation [1] and OpenStack Foundation [2] IF SOFTWARE ple building it be from every- provide scholarships, travel assistance, training, mentor- where and represent different voices? The broadly accepted ships, childcare, affinity groups, and more as part of their answer is yes, that we need a diverse set of developers and events and services. (I’m involved in the Linux Founda- technologists to build the new digital world. Further, when tion-sponsored Women in Open Source events and the you look at communities that thrive, they are those that Women of OpenStack [WOO] group.) Since the WOO group evolve and grow and bring in new voices and perspectives. started in 2014, more women have been attending and Because much of the software innovation happening today speaking at OpenStack-related events and contributing to involves open source software, the open source community OpenStack projects. More than 11% of attendees at both Li- can be an entry point for new people in technology roles. nuxCon North America and OpenStack Summit in Austin [3] This means that the open source community must evolve in 2016 were women. to stay relevant. There has never been a better time for the The Linux Foundation, in partnership with the National Center open source community to welcome new community mem- for Women & Information Technology (NCWIT [4]), is develop- bers from under- ing inclusive speak- represented groups er orientation course than now, and the for events to ensure community is rising that all speakers go to the challenge. through training in Efforts to increase what it means to be diversity in open inclusive. source are showing Many tech orga- results, so let’s look nizations are ad- at a few examples: dressing the role their company cul- 1. Foundations tures and policies and organizations play in increasing are increasing diversity. For ex- outreach efforts. ample, Google Over the past few launched its Sum- years, new foun- Image by: Internet Archive Book Images. Modified by Opensource.com. CC BY-SA 4.0 mer of Code pro- dations have been gram in 2005, and created to support open source projects. For example, mul- Red Hat launched its Women in Open Source award [5] tiple projects fall under the umbrellas of big foundations, in 2015. By 2016, many organizations and events were such as the Linux Foundation and OpenStack Foundation. regularly sponsoring networking opportunities for wom- Besides being a home for projects, foundations are em- en, such as the LinuxCon North America Women in Open bracing their roles in curating and sharing best practices, Source Lunch, sponsored by Intel; and the Women’s creating on-ramps, and supporting new people in project Leadership Community Luncheon at Red Hat’s annual communities. summit [6]. . Open Source Yearbook 2016 . Opensource.com 55 ...... COLLABORATING......

2. Mentorships, scholarship programs, and training nizers. She got her start speaking at SCALE when she are scaling. was 11, and she gave a keynote at OSCON [21] in 2014, Software Freedom Conservancy’s Outreachy [7], which was at the ripe old age of 13. When I talked to Keila, she found founded in 2010, provides internships to women and mem- programming to be as natural as other subjects at school, bers of underrepresented groups through mentors and work and she loves the Python language, including its com- experience on a specific project. Contributions from Out- munity. Young people are learning open source technical reachy interns is impressive: The Outreachy organization skills from programming, animation, video editing, digital ranked #9 for kernel contributions in Linux 4.4 and #6 for drawing, and picture editing, and conferences are rapidly Linux 4.6 releases. Read the 2016 Kernel Internship Report embracing and catering to this new generation of commu- (PDF [8]) for more detail. nity members. Google Summer of Code [9] (GSoC) is another suc- cessful initiative that has been matching students to open 4. The data confirms progress. source projects and volunteer mentors for more than a de- Without data, determining whether we are making prog- cade. More than 1,200 students and 178 organizations [10] ress is difficult. We need to measure the percent of con- participated in GSoC 2016. Hopefully the success of these tributions from women and members of underrepresented programs will help inspire more mentorship programs groups, learn about projects successfully attracting and in 2017. retaining a diverse group of contributors, and then share In 2016, annual Grace Hopper Celebration of Women in what we learn across projects. Spain-based Bitergia’s Computing [11] (GHC) attracted around 15,000 from more Chief Data Officer Daniel Izquierdo [22] took the initia- than 80 countries. The GHC annual Open Source Day tive to do this for OpenStack and for the Linux kernel and is an all-day hackathon that brings attendees together to shared the results in 2016. (Read Rikki Endsley’s recent network, contribute to good causes, and build their GitHub interview with Daniel, “Analyzing gender diversity in the profiles in a safe environment. OpenStack community” [23].) Bitergia plans to do gather diversity metrics for Apache Software Foundation projects 3. Conferences are improving diversity among in the near future. speakers and attendees. The data Bitergia has been collecting on the diversity of Conferences such as OSCON [12], LinuxCon [13], PyCon contributions and community growth over time shows trend- [14], SCaLE [15], and OpenStack Summit [16] play a big ing in the right direction. We still need a new way to measure role in showcasing and supporting diversity. The impact of the overall health of an open source project, which means seeing women and underrepresented minorities on stage that, in addition to measuring the number of contributors, and hearing new perspectives is powerful in changing our downloads, and issues resolved, we should track how di- perception of who is part of the open source community. verse communities are and how welcoming they are to new O’Reilly’s OSCON is showing noticeable improvement in contributors. These measurements could help us recognize the diversity of its speakers and talks. I spoke with Rachel projects that have great on-boarding and retention practices Roumeliotis, Strategic Content Director and OSCON Chair and that have built diverse and vibrant communities. Learn for O’Reilly about how OSCON raises the bar every year to more about Bitergia’s work in gender diversity metrics on showcase amazing new voices. She says organizers active- their blog [24]. ly seek out new voices and perspectives, and they want to reflect the changing community and perhaps project what 5. The definition of ‘contributions’ is expanding, it could look like. (Read Opensource.com’s OSCON article and on-boarding is improving. collection [17] for examples.) Historically non-code-related open source contributions Conferences are also investing in the next genera- haven’t been recognized as contributions. Measuring tion of programmers and contributors through dedicated code contributions and code reviews has been easier than co-located events. One great example of this is SCALE: measuring other types of contributions, such as documen- The Next Generation [18], a track hosted at the South- tation, marketing, legal representation, and graphic de- ern California Linux Expo, an annual community event. I sign. Increasingly open source projects and organizations love how SCaLE helps teach kids about programming and are recognizing, encouraging, valuing, and supporting technology. Young community members, such as Keila contributions in all areas of the open source ecosystem, Banks [19], Justin King, and Schuyler St. Leger [20], have and they are making it easier for new contributors to join spoken at this event. communities. Often the kids at conferences have relatives working in GitHub has become the tool of choice for internal devel- technology who are highly involved in encouraging and opment in companies changing their culture to be collabora- championing young people. Keila, for example, is the tive and agile. I asked Brandon Keepers [25], head of open daughter of Phillip Banks, one of the SCaLE event orga- source at GitHub, about their initiatives. He explained that . 56 Open Source Yearbook 2016 . Opensource.com GitHub launched a survey [26] to help them understand their [10] https://developers.google.com/open-source/gsoc/2016/ changing community and its needs. His team is also working organizations to provide best practice frameworks for project leaders to [11] http://ghc.anitaborg.org/ help them run better projects, which includes sample codes [12] http://conferences.oreilly .com/oscon/oscon-tx of conduct and README templates. [13] http://events.linuxfoundation.org/events/linuxcon-​ north-america 6. Allies are taking more active roles in improving [14] http://www.pycon.org/ diversity. [15] https://www .socallinuxexpo.org/scale/15x/ From its beginning, the Ada Initiative [27] founders recog- [16] https://www.openstack.org/summit/ nized the roles male allies play in increasing diversity in [17] https://opensource.com/tags/oscon technology. The organization was formed in 2011 by Valerie [18] https://www.socallinuxexpo.org/scale/14x/scale-next-​ Aurora and Mary Gardiner and worked on making technical generation conferences harassment-free, providing training on how to [19] https://opensource.com/life/16/4/5-open-source-programs- overcome impostor syndrome, and provided practical skills automated-teens-toolbox training for male allies. Many men want to support diversi- [20] https://opensource.com/life/16/1/scale14x-interview-schuyler-​ ty efforts and create a more inclusive culture, but may not st-leger know how to help. The Ada Initiative and NCWIT skills train- [21] https://www .youtube.com/watch?v=xkTcSoQ-q5Q ing [28] are examples of practical approaches to showing [22] https://bitergia.com/about/team/ male allies how they can support gender equality and build [23] https://opensource.com/business/16/4/openstack-summit-​ inclusive cultures. interview-daniel-izquierdo-bitergia [24] https://blog.bitergia.com/ What will 2017 bring? [25] https://opensource.com/life/15/10/ato-interview-brandon- ​ As 2016 comes to a close, we’re seeing real progress in how keepers-github we welcome new people and encourage them to stay in the [26] https://github.com/github/open-source-survey open source community, but there is still much to be done. [27] https://opensource.com/business/15/8/ada-initiative-legacy What plans does your project, organization, or community [28] https://www.ncwit.org/resources/10-actionable-ways-actually-​ have for increasing diversity in open source in the new year? increase-diversity-tech Send your story ideas to [email protected]. Author Resources Nithya A. Ruff is the Director of Western Digital’s Open [1] https://www.linuxfoundation.org/ Source Office. She is the founding President of Western [2] https://www.openstack.org/foundation Digital’s Women’s Innovation Network (WIN), which is ded- [3] https://opensource.com/business/16/5/look-back-austin- icated to the development of women’s highest potential in openstack-summit the work place. Nithya graduated with an MS in Comput- [4] https://www .ncwit.org/ er Science from NDSU and an MBA from the University [5] https://www .redhat.com/en/about/women-in-open-source of Rochester, Simon Business School. [6] https://www.redhat.com/en/summit/2016/agenda She lives in Silicon Valley and is a proud [7] https://www.gnome.org/outreachy/ mother of two daughters. Follow Nithya [8] http://events.linuxfoundation.org/sites/events/files/slides/ on Twitter at: @nithyaruff (The views ex- outreachy_slides.pdf pressed are her own and do not represent [9] https://developers.google.com/open-source/gsoc/ Western Digital.)

. Open Source Yearbook 2016 . Opensource.com 57 Most Popular Top 10 open source

projects of 2016 BY JEN WIKE HUGER

to be impressed with the connect with other users and the community, find Atom WE CONTINUE wonderful open source proj- on GitHub [4], Discuss [5], and Slack [6]. ects that emerge, grow, change, and evolve every year. Atom is MIT [7] licensed and the source code [8] is hosted Picking 10 to include in our annual list of top projects is no on GitHub. small feat, and certainly no list this short can include every deserving project. Eclipse Che To choose our 10, we looked back at popular open Eclipse Che [9] is a next-generation online integrated de- source projects our writers covered in 2016, and collected velopment environment (IDE) and developer workspace. suggestions from our Community Moderators. After a round Joshua Allen Holm brought us a review [10] of Eclipse Che of nominations and voting by our moderators, our editorial in November 2016, which provided a look at the developer team narrowed down the final list. community behind the project, its innovative use of con- So here they are, our top 10 open source projects of 2016: tainer technology, and popular languages it supports out of the box. Atom “The ready-to-go bundled stacks included with Eclipse Atom [1] is a hackable text editor from GitHub. Jono Bacon Che cover most of the modern popular languages. There wrote [2] about its “simple core” earlier this year, exclaiming are stacks for C++, Java, Go, PHP, Python, .NET, Node.js, approval for open source projects that give users options. Ruby on Rails, and Android development. A Stack Library “[Atom] delivers the majority of the core features and provides even more options and if that is not enough, settings that most there is the option users likely will to create a custom want, but is missing stack that can pro- many of the more vide specialized advanced or spe- environments.” cific features some You can test out users may want. Eclipse Che in an … Atom provides online hosted ac- a powerful frame- count [11], through work that allows a local installation pretty much any [12], or in your pre- part of Atom to be ferred cloud provid- changed and ex- er [13]. The source panded.” code [14] can be To get started found on GitHub contributing, read Image by: George Eastman House and Internet Archive Book Images. Modified by Opensource.com. under an Eclipse the guide [3]. To CC BY-SA 4.0 Public License [15]. . 58 Open Source Yearbook 2016 . Opensource.com Most Popular

FreeCAD FreeCAD [16] is written in Python and one of the many computer-aided design—or computer-aided drafting—tools available to create design specifications for real-world ob- jects. Jason Baker wrote about FreeCAD in “3 open source alternatives to AutoCAD” [17]. “FreeCAD can import and export from a variety of common formats for 3D objects, and its modular architecture makes it easy to extend the basic functionality with various plug- ins. The program has many built-in interface options, from a sketcher to renderer to even a robot simulation ability.” FreeCAD is LGPL [18] licensed and the source code [19] TV, music, and more. It is heavily customizable, and supports is hosted on GitHub. numerous skins, plugins, and a variety of remote control devic- es (including its own custom Android remote for your phone). GnuCash Although we didn’t cover Kodi in-depth this year, it kept GnuCash [20] is a cross-platform open source desktop popping up in articles on building a home Linux music server solution for managing your personal and small business ac- [26], media management tools [27], and even a previous poll counts. Jason Baker included GnuCash in our roundup [21] on favorite open source video players [28]. of the open source alternatives to Mint and Quicken for per- The source code [29] to Kodi can be found on GitHub sonal finance. under a GPLv2 [30] license. GnuCash “features multi-entry bookkeeping, can import from a wide range of formats, handles multiple currencies, MyCollab helps you create budgets, prints checks, creates custom re- MyCollab [31] is a suite of tools for customer relationship ports in Scheme, and can import from online banks and pull management, document management, and project manage- stock quotes for you directly.” ment. Community Moderator Robin Muilwijk covered the de- You can find GnuCash’s source code [22] on GitHub under tails of the project management tool MyCollab-Project in his a GPL version 2 or 3 license [23]. roundup of “Top 11 project management tools for 2016” [32]. An honorable mention goes to GnuCash alternative KMy- “MyCollab-Project includes many features, like a Gantt Money [24], which also received a nomination for our list, and chart and milestones, time tracking, and issue management. is another great option for keeping your finances in Linux. It also supports agile development models with its Kanban board. MyCollab-Project comes in three editions, of which the Kodi community edition [33] is the free and open source option.” Kodi [25] is an open source media center solution, formerly Installing MyCollab requires a Java runtime and MySQL known as XBMC, which works on a variety of devices as a do- stack. Visit the MyCollab site [34] to learn how to contribute it-yourselfer’s tool to building a set-top box for playing movies, to the project. . Open Source Yearbook 2016 . Opensource.com 59 MyCollab is AGPLv3 licensed and the source code is host- Roundcube ed on GitHub. Roundcube [46] is a modern, browser-based email client that provides much—if not all—of the functionality email users OpenAPS may be used to with a desktop client. Featuring support for OpenAPS [35] is another project that our moderators found more than 70 languages, integrated spell-checking, a drag- interesting in 2016, but also one that we have yet to cover in and-drop interface, a feature-rich address book, HTML email depth. OpenAPS, the Open Artificial Pancreas System proj- composition, multiple search features, PGP encryption sup- ect, is an open source project devoted to improving the lives port, threading, and more, Roundcube can work as a drop-in of people with Type 1 diabetes. replacement email client for many users. The project includes “a safety-focused reference design [36], Roundcube was included along with four other solutions in a toolset [37], and an open source reference implementa- our roundup of open source alternatives to Gmail [47]. tion” [38] designed for device manufacturers or any individ- You can find the source code [48] to Roundcube on GitHub ual to be able to build their own artificial pancreas device to under a GPLv3 license. In addition to downloading and in- be able to safely regulate blood glucose levels overnight by stalling the project directly, you can also find it inside many adjusting insulin levels. Although potential users should ex- complete email server packages, including Kolab Groupware amine the project carefully and discuss it with their health- [49], iRedMail [50], Mail-in-a-Box [51], and mailcow [52]. care provider before trying to build or use the system them- That’s it for our list. What was your favorite open source selves, the project founders hope opening up technology project in 2016? will accelerate the research and development pace across the medical devices industry to discover solutions and bring Resources them to market even faster. [1] https://atom.io/ [2] https://opensource.com/life/16/2/culture-pluggable-​open- OpenHAB source OpenHAB [39] is a home automation platform with a plug- [3] https://github.com/atom/atom/blob/master/CONTRIBUTING.md gable architecture. Community Moderator D Ruth Bavousett [4] https://github.com/atom/atom wrote about OpenHAB [40] after buying a home this year [5] http://discuss.atom.io/ and trying it out. [6] http://atom-slack.herokuapp.com/ “One of the interesting modules I found was the Blue- [7] https://raw.githubusercontent.com/atom/atom/master/​ tooth binding; it can watch for the presence of specific Blue- LICENSE.md tooth-enabled devices (your smartphone, and those of your [8] https://github.com/atom/atom children, for instance) and take action when that device ar- [9] http://www.eclipse.org/che/ rives or leaves—lock or unlock doors, turn on lights, adjust [10] https://opensource.com/life/16/11/introduction-eclipse-che your thermostat, turn off security modes, and so on.” [11] https://www.eclipse.org/che/getting-started/cloud/ Check out the full list of binding and bundles [41] that pro- [12] https://www.eclipse.org/che/getting-started/download/ vide integration and communication with social networks, [13] https://bitnami.com/stack/eclipse-che instant messaging, cloud IoT platforms, and more. [14] https://github.com/eclipse/che/ OpenHAB is EPL licensed and the source code is hosted [15] https://github.com/eclipse/che/blob/master/LICENSE on GitHub. [16] http://www.freecadweb.org/ [17] https://opensource.com/alternatives/autocad OpenToonz [18] https://github.com/FreeCAD/FreeCAD/blob/master/COPYING OpenToonz [42] is production software for 2D animation. [19] https://github.com/FreeCAD/FreeCAD Community Moderator Joshua Allen Holm reported [43] on [20] https://www.gnucash.org/ its open source release in March 2016, and it has been [21] https://opensource.com/life/16/1/3-open-source-personal- mentioned in other animation-related articles on Open- finance-tools-linux source.com, but we haven’t covered it in depth. Stay tuned [22] https://github.com/Gnucash/ for that. [23] https://github.com/Gnucash/gnucash/blob/master/LICENSE In the meantime, we can tell you that there are a number [24] https://kmymoney.org/ of features unique to OpenToonz, including GTS, which is [25] https://kodi.tv/ a spanning tool developed by Studio Ghibli, and a plug-in [26] https://opensource.com/life/16/1/how-set-linux-based-​ effect SDK [44] for image processing. music-server-home To discuss development and video research topics, [27] https://opensource.com/life/16/6/tinymediamanager-​catalogs-​ check out the forum [45] on GitHub. OpenToonz source your-movie-and-tv-files code is hosted on GitHub and the project is licensed under [28 https://opensource.com/life/15/11/favorite-open-source-​ a modified BSD license. video-player . 60 Open Source Yearbook 2016 . Opensource.com [29] https://github.com/xbmc/xbmc [43] https://opensource.com/life/16/3/weekly-news-march-26 [30] https://github.com/xbmc/xbmc/blob/master/LICENSE.GPL [44] https://github.com/opentoonz/plugin_sdk [31] https://community.mycollab.com/ [45] https://github.com/opentoonz/opentoonz/issues [32] https://opensource.com/business/16/3/top-project-​ [46] https://roundcube.net/ management-tools-2016 [47] https://opensource.com/alternatives/gmail [33] https://github.com/MyCollab/mycollab [48] https://github.com/roundcube/roundcubemail [34] https://community.mycollab.com/docs/developing-mycollab/​ [49] http://kolab.org/ how-can-i-contribute-to-mycollab/ [50] http://www.iredmail.org/ [35] https://openaps.org/ [51] https://mailinabox.email/ [36] https://openaps.org/reference-design [52] https://mailcow.email/ [37] https://github.com/openaps/openaps [38] https://github.com/openaps/oref0/ [39] http://www.openhab.org/ Author [40] https://opensource.com/life/16/4/automating-​your-home- Jen Wike Huger is the Content Manag- openhab er for Opensource.com. Follow her on [41] http://www.openhab.org/features/supported-technologies.html Twitter @jenwike and see her extended [42] https://opentoonz.github.io/e/index.html portfolio at Jen.io.

Transparency. Adaptability. Inclusivity. Community. Collaboration.

It's open. For business. opensource.com/open-organization

. Open Source Yearbook 2016 . Opensource.com 61 ...... LEARNING...... Publisher’s picks: Hot 2016 open source books

share their picks for must-read BOOK PUBLISHERS 2016 open source-related book releases.

No Starch Press Practical Forensic Imaging [4] By Bruce Nikkel (Contributed by Anna Morrow) 320 Pages The Car Hacker’s Handbook [1] Published: September 2016 By Craig Smith 304 Pages When forensic investigations involve dig- Published: March 2016 ital activity, the proper handling of media evidence is critical. Practical Forensic With its focus on low-cost, open source Imaging takes a detailed look at how hacking tools, The Car Hacker’s Hand- to use open source command=line tools to secure and book will give you a deeper understanding manage digital evidence. Author Bruce Nikkel walks you of the computer systems and embedded through the entire forensic acquisition process and covers software in modern vehicles. The book begins by examining practical scenarios and situations related to the imaging vulnerabilities and providing detailed explanations of commu- of storage media. Practical Forensic Imaging is an invalu- nications over the CAN bus and between devices and sys- able resource for experienced digital forensic investigators tems. You’ll learn how to build an accurate threat model for wanting to advance their Linux skills and experienced Linux your vehicle, reverse engineer the CAN bus to fake engine administrators wanting to learn digital forensics. signals, exploit vulnerabilities, build physical and virtual test benches, and much more. If you’re curious about automotive Scratch Programming Playground [5] security, The Car Hacker’s Handbook is for you. By Al Sweigart 288 Pages Electronics for Kids [2] Published: September 2016 By Øyvind Nydal Dahl 328 Pages Scratch is the standard language for Published: July 2016 teaching kids to program, with more than 14-million users worldwide. In Scratch Electronics for Kids is perfect for feeding Programming Playground, kids can learn kids’ natural curiosity about electronics to program by making cool games. Each game includes through hands-on projects. Kids (and the easy-to-follow instructions, review questions, and creative adults in their lives!) will build projects coding challenges that allow kids to make the games their like an electronic coin tosser, an electromagnet, an electric own. Kids will make games like Maze Runner, Snake, a motor, an intruder alarm, a musical instrument, a touch sen- Fruit Ninja clone, a remake of Breakout, and even a game sor LED circuit, and even a lemon-powered LED light. Along inspired by Super Mario Bros. From the author of fan favorite the way, they’ll learn how current, voltage, and circuits work. Automate the Boring Stuff with Python, Scratch Program- With clear explanations and fun projects, this book will have ming Playground proves that learning to program isn’t dreary kids building their own circuits in no time. when you make a game of it. To read more from Al Sweigart, To read more from Øyvind Nydal Dahl, author of Electronics author of Scratch Programming Playground, visit his Open- for Kids, visit his Opensource.com author page [3]. source.com author page [6]. . 62 Open Source Yearbook 2016 . Opensource.com • Use ESLint, Flow, and Jest tools to check and test your Wicked Cool Shell Scripts, 2nd Edition [7] code as your app evolves By Dave Taylor and Brandon Perry • Manage communication between components with Flux 392 Pages Published: October 2016 Reactive Programming with RxJava [10] An update to the beloved first edition, Creating Asynchronous, Event-Based the second edition of Wicked Cool Shell Applications Scripts offers a collection of useful, cus- By Tomasz Nurkiewicz, Ben Christensen tomizable, and fun shell scripts for solv- 372 Pages ing common problems and personalizing your computing Published: October 2016 environment. This edition features 23 brand-new scripts, such as a ZIP code lookup tool, a bitcoin address information In today’s app-driven era, when pro- retriever, image processing and editing tools, and classic grams are asynchronous and respon- games like hangman. Whether you want to save time man- siveness is so vital, reactive programming can help you write aging your system or just find new ways to goof off, you’ll code that’s more reliable, easier to scale, and better-per- love these wicked cool scripts. forming. With this practical book, Java developers will first To read more from Dave Taylor, author of Wicked Cool Shell learn how to view problems in the reactive way, and then Scripts, 2nd Edition, visit his Opensource.com author page [8]. build programs that leverage the best features of this excit- ing new programming paradigm. Authors Tomasz Nurkiewicz and Ben Christensen include O’Reilly Media concrete examples that use the RxJava library to solve re- al-world performance issues on Android devices as well as (Contributed by Susan Conant) the server. You’ll learn how RxJava leverages parallelism React: Up & Running [9] and concurrency to help you solve today’s problems. This Building Web Applications book also provides a preview of the upcoming 2.0 release. By Stoyan Stefanov 222 Pages • Write programs that react to multiple asynchronous Published: July 2016 sources of input without descending into “callback hell” • Get to that aha! moment when you understand how to Hit the ground running with React, the solve problems in the reactive way open-source technology from Facebook • Cope with Observables that produce data too quickly to for building rich web applications fast. be consumed With this practical guide, Yahoo! web developer Stoyan • Explore strategies to debug and to test programs written Stefanov teaches you how to build components—React’s in the reactive style basic building blocks—and organize them into maintainable, • Efficiently exploit parallelism and concurrency in your large-scale apps. If you’re familiar with basic JavaScript programs syntax, you’re ready to get started. • Learn about the transition to RxJava version 2 Once you understand how React works, you’ll build a complete custom Whinepad app that helps users rate wines and keep notes. You’ll quickly learn why some developers Learning Node, 2nd Edition [11] consider React the key to the web app development puzzle. Moving to the Server-Side By Shelley Powers • Set up React and write your first “Hello world” web app 288 Pages • Create and use custom React components alongside Published: May 2016 generic DOM components • Build a data table component that lets you edit, sort, Take your web development skills from search, and export its contents browser to server with Node—and learn • Use the JSX syntax extension as an alternative to func- how to write fast, highly scalable network tion calls applications on this JavaScript-based platform. Updated for • Set up a lean, low-level build process that helps you the latest Node Long Term Support (LTS) and Node Cur- focus on React rent (6.0) releases, this hands-on edition helps you master • Build a complete custom app that lets you store data on Node’s core fundamentals and gain experience with several the client built-in and contributed modules. . Open Source Yearbook 2016 . Opensource.com 63 ...... LEARNING......

Get up to speed on Node’s event-driven, asynchronous • Advanced methods for model evaluation and parameter I/O model for developing data-intensive applications that tuning are frequently accessed but computationally simple. If • The concept of pipelines for chaining models and encap- you’re comfortable working with JavaScript, this book sulating your workflow provides many programming and deployment examples • Methods for working with text data, including text-specific to help you take advantage of server-side development processing techniques with Node. • Suggestions for improving your machine learning and data science skills • Explore the frameworks and functionality for full-stack Node development • Dive into Node’s module system and package manage- Arduino: A Technical Reference [13] ment support A Handbook for Technicians, Engineers, and • Test your application or module code on the fly with Makers Node’s REPL console By J. M. Hughes • Use core Node modules to build web applications and an 638 Pages HTTP server Published: May 2016 • Learn Node’s support for networks, security, and sockets • Access operating system functionality with child processes Rather than yet another project-based • Learn tools and techniques for Node development and workbook, Arduino: A Technical Refer- production ence is a reference and handbook that thoroughly describes • Use Node in microcontrollers, microcomputers, and the the electrical and performance aspects of an Arduino board Internet of Things and its software. This book brings together in one place all the information you need to get something done with Ardui- no. It will save you from endless web searches and digging Introduction to Machine Learning through translations of datasheets or notes in project-based with Python [12] texts to find the information that corresponds to your own A Guide for Data Scientists particular setup and question. By Andreas C. Müller, Sarah Guido Reference features include pinout diagrams, a discussion 392 Pages of the AVR microcontrollers used with Arduino boards, a look Published: September 2016 under the hood at the firmware and run-time libraries that make the Arduino unique, and extensive coverage of the Machine learning has become an inte- various shields and add-on sensors that can be used with gral part of many commercial applica- an Arduino. One chapter is devoted to creating a new shield tions and research projects, but this field is not exclusive to from scratch. The book wraps up with detailed descriptions large companies with extensive research teams. If you use of three different projects: a programmable signal generator, Python, even as a beginner, this book will teach you practical a “smart” thermostat, and a programmable launch sequenc- ways to build your own machine learning solutions. With all er for model rockets. Each project highlights one or more the data available today, machine learning applications are topics that can be applied to other applications. limited only by your imagination. You’ll learn the steps necessary to create a successful machine-learning application with Python and the scikit- Packt learn library. Authors Andreas Müller and Sarah Guido (Contributed by Richard Gall) focus on the practical aspects of using machine learning algorithms, rather than the math behind them. Familiarity C#6 and .NET Core [14] with the NumPy and matplotlib libraries will help you get By Mark J. Price even more from this book. 550 Pages With this book, you’ll learn: Published: March 2016

• Fundamental concepts and applications of machine There’s a lot of talk about open source learning going mainstream—Microsoft’s launch • Advantages and shortcomings of widely used machine of .NET Core in June 2016 confirmed learning algorithms that fact. It redefined the way the devel- • How to represent data processed by machine learning, opment world saw one of the most established tech giants, including which data aspects to focus on and appeared to be an admission that the world hadn’t been . 64 Open Source Yearbook 2016 . Opensource.com going in the direction they thought it would decades earlier. Smart Internet of Things Projects [17] This book provides developers with a comprehensive look at By Agus Kurniawan Microsoft’s powerful language and impressive open-source 258 Pages framework, designed to give readers fluency and confidence Published: September 2016 to build cross-platform applications. At 550 pages, there’s just about everything you’d need to know, which means it The Internet of Things has been a acts both as a great tutorial and a reliable resource. Open buzzword for a little while now, but this source might mean rapid change and constant iteration, but year we’ve started to see it become this book provides readers with a stable and trusted source more of a reality. And the point, really, of knowledge. is simple—you’ve just got to build it yourself. The book in- cludes fun real-world projects, from building an automomous remote control car to speech technology, and is a great way Learning Angular 2 [15] to help you get creative. By Pablo Deeleman 352 Pages ReactJS Blueprints [18] Published: May 2016 By Sven A. Robbestad 422 Pages Angular 2 was easily the most antici- Published: July 2016 pated software release of 2016. Google kept the world waiting—it wasn’t until Angular 2 might have been hotly antici- May that we properly got to see what pated in 2016, but React has slowly been the new framework actually looked like. That was when taking a hold of the JavaScript imagina- Packt released Learning Angular 2, a no nonsense and tion for a couple of years now—in 2016, fast paced guide to the new features of the framework. Facebook’s impressive library went mainstream. It’s also a tool Showing readers how to build Angular 2 components, that highlights the nature of the web today: dynamic, fast, and demonstrating how to get to grips with the TypeScript lightweight in our data intensive age. ReactJS Blueprints takes syntax and working with directives and services, the book you straight into React, showing readers how to build a com- brings together everything the curious and ambitious web plete application with the library. It doesn’t just teach—it demon- developer needs to get started with this cutting-edge strates how React works by showing you how to use it yourself. framework. Resources [1] https://www.nostarch.com/carhacking Getting Started with TensorFlow [16] [2] https://www.nostarch.com/electronicsforkids By Giancarlo Zaccone [3] https://opensource.com/users/oyvdahl 180 Pages [4] https://www.nostarch.com/forensicimaging Published: July 2016 [5] https://www.nostarch.com/scratchplayground [6] https://opensource.com/users/alsweigart TensorFlow was the surprise hit of [7] https://www.nostarch.com/wcss2 2016. But we probably shouldn’t have [8] https://opensource.com/users/davetaylor been so surprised. With machine [9] http://shop.oreilly.com/product/0636920042266.do learning becoming one of the biggest [10] http://shop.oreilly.com/product/0636920042228.do trends across the technology world, the arrival of a tool [11] http://shop.oreilly.com/product/0636920046936.do like TensorFlow, which is so easy—and enjoyable—to [12] http://shop.oreilly.com/product/0636920030515.do use, was inevitable. Getting Started with TensorFlow does [13] http://shop.oreilly.com/product/0636920037880.do exactly what it says on the cover—and it’s created spe- [14] https://www.packtpub.com/application-develop- cifically for those people that want to get up and running ment/c-6-and-net-core-10 with machine learning as quickly as possible. From basic [15] https://www.packtpub.com/web-development/learning-​ mathematics to neural networks and deep learning, this angular-2 book proves that using software in a smart and impactful [16] https://www.packtpub.com/big-data-and-business-​ way doesn’t have to be a steep learning curve and doesn’t intelligence/​getting-started-tensorflow require you to wade through theory. [17] https://www.packtpub.com/hardware-and-creative/ smart-internet-things-projects [18] https://www.packtpub.com/web-development/reactjs-​ blueprints . Open Source Yearbook 2016 . Opensource.com 65 ...... LEARNING......

fun Raspberry Pi 8 projects to try BY ANDERSON SILVA

flew by, and 2. Kodi Media Center FOR MANY OF US 2016 we didn’t Kodi Media Center is an open source media player that runs complete all our New Year’s resolutions or mark everything in several different platforms. Formerly known as XBMC Me- off our “2016 To Do” lists. I didn’t have nearly enough time to dia Center, it is one of the most popular projects for running play with the Raspberry Pi this year, and my list of projects on a Raspberry Pi. (License: GPLv2) I want to do keeps growing. In this article I’ve rounded up 8 recent Raspberry Pi projects that I haven’t made yet, but that • How to install Kodi on Raspberry Pi [5] made it onto my “2017 To Do” list. • Official Kodi Wiki Raspberry Pi page [6] • Tuukka’s Raspberry Pi Kodi installation tutorial [7] Recent Raspberry Pi projects to try See video demo at: https://youtu.be/4oMongjNslg. 1. Magic Mirror2 Magic Mirror2 was created by Michael Teeuw. This proj- 3. Raspberry Pi Weather Station ect allows you to convert your hall or bathroom mirror The Raspberry Pi Weather Station is a project created by Pe- into a personal ter Kodermac that assistant. Both provides all the infor- the Raspberry mation to build your Pi 2 and 3 are own weather station. supported by Peter gives you the this project, and code and recom- you can count on mends the best type a rapidly growing of sensors for this community to help scientific project. you build your own Magic Mirror2. • Peter Koder- (License: MIT) mac’s email: peter@raspberry​ • Michael Teeuw’s weather.com Twitter: • Raspberry Pi @MichMich [1] Weather Station • Magic Mirror2 Image by: Internet Archive Book Images. Modified by Opensource.com. website [8] site [2] • Raspberry Pi Weather Station GitHub [9] • Michael Teeuw, Xony Labs [3] • Michael Teeux’s Magic Mirror2 at GitHub [4] 4. Fedora 25 on a Pi The Fedora 25 project is an open source operating system See video demo at: https://player.vimeo.com/video/171152845. known for its simplicity, which makes it an excellent product . 66 Open Source Yearbook 2016 . Opensource.com for those new to open source development. Fedora 25 [10] 8. RTAndroid (Real-Time Android) was recently released and is the first Fedora release with Running Android on a Raspberry Pi is being explored in official support for the Raspberry Pi. Fedora 25 supports earnest, most notably at the Aachen University in Germa- the Raspberry Pi B+ version 2 and 3. Non-official spins ny. The project is called RTAndroid (Real-Time Android) of the Fedora distribution have been available in the past and, although still a work in progress, it is interesting and (i.e., Pidora [11]). intriguing. • Raspberry Pi 3 Android 7.0 with Google Play and Android • Fedora Wiki’s Raspberry Pi page [12] Root (video) [21] • Pidora Fedora remix [13] • RTAndroid Raspberry Pi installation tutorial [22]

(I plan to review Fedora 25 on the Raspberry Pi in an upcom- See video demo at: https://youtu.be/Df-bMWONIYk. ing article on Opensource.com.) Resources 5. Pi Hole server-level ad blocking [1] https://twitter.com/MichMich Raspberry Pi is useful for creating powerhouse ad blocking [2] https://magicmirror.builders/ on a network. Instead of blocking ads at the browser lev- [3] http://michaelteeuw.nl/tagged/magicmirror el and having to manage the different extensions, why not [4] https://github.com/MichMich/MagicMirror block ads for your entire network? That’s what Pi Hole will let [5] http://kodi.wiki/view/HOW -TO:Install_Kodi_on_Raspberry_Pi you to do. It claims it blocks more than 100,000 ad-serving [6] http://kodi.wiki/view/raspberry_Pi domains from your network. This may be the first project I try [7] http://mymediaexperience.com/raspberry-pi-xbmc-with-​ when I have time. (License: GPLv2) raspbmc/ [8] http://www.raspberryweather.com/ • Pi Hole site [14] [9] https://github.com/peterkodermac/Raspberry-Weather • Pi Hole GitHub [15] [10] https://fedoramagazine.org/fedora-25-released/ [11] http://pidora.ca/ See video demo at: https://youtu.be/9Eti3xibiho. [12] https://fedoraproject.org/wiki/Raspberry_Pi [13] http://pidora.ca/ 6. RetroPi retro gaming machine [14] https://pi-hole.net/ The RetroPi retro gaming machine is an open source proj- [15] https://github.com/pi-hole/pi-hole ect that transforms your Raspberry Pi into a time machine, [16] https://retropie.org.uk/ allowing you to enjoy some of good old games of the ‘70s, [17] https://github.com/RetroPie/RetroPie-Setup ‘80s, ‘90s and 2000s. (License: GPLv3) [18] https://github.com/RetroPie/RetroPie-Setup/wiki/Supported-​ Systems • RetroPi Gaming page [16] [19] https://www .hackster.io/FutureSharks/raspberry-pi-security-​ • RetroPi setup GitHub [17] system-with-motion-detection-camera-bed172 • A list of supported emulators that run under RetroPie [18] [20] https://github.com/FutureSharks/rpi-security [21] https://www.youtube.com/watch?v=Df-bMWONIYk See video demo at: https://youtu.be/xvYX_7iRRI0. [22] https://git.embedded.rwth-aachen.de/rtandroid/downloads/ raspberry-pi/ 7. Security system A comprehensive tutorial by developer Max Williams ex- Author plains how to build a security system with a Raspberry Pi, Anderson Silva is the Sr. Manager of Red including a camera, a motion sensor, and notifications via Hat’s IT Platform Operations. He has telegram. (License: GPLv2) been a Red Hatter since 2007. He is an RHCE and RHCA and an active Fedora • Motion-sensing Raspberry Pi security system page [19] Package maintainer. • Raspberry Pi Security System GitHub [20]

. Open Source Yearbook 2016 . Opensource.com 67 ...... CREATING...... trends in open source 5documentation BY SHAUN MCCANCE

doing open source documentation for I’VE BEEN a long time. Over the past decade, there have been a lot of attitude shifts regarding authoring Image by: Internet Archive Book Images. Modified by Opensource.com. and publishing. Some of these trends seem to go in cycles, such as the popularity of semantic markup. The latest trends tools like it have drastically changed the way the entire soft- move documentation closer to code, what many have called ware industry deals with documentation. docs as code. Let’s look at a few of the larger themes in documentation trends: 2. Lightweight languages There have always been plenty of choices for documentation 1. Git source formats. There are semantic XML formats, and SGML When I first started doing documentation work for GNOME [1], formats before that. There are TeX dialects and troff [6] dialects. we wrote our documentation in DocBook [2] and stored it There are the source formats of word processors, page layout in CVS repositories alongside our code. These days, most tools, and help authoring tools. There are the internal formats GNOME documentation is written in Mallard [3] and stored of various wikis and content management systems. There’s in a Git [4] repository (after a brief stint with SVN). Although HTML. And there are a handful of lightweight markup languag- formats and tools have changed, the constant factor is that es that are designed to be easy to type in a text editor. sources are stored in revision control [5], just like code. People are increasingly choosing lightweight markup lan- It may seem odd to call this a trend when we’ve been do- guages for a number of reasons. They are usually easier to ing it for so long, but a few things have changed, and some write, at least for simple things. They tend to play better with of that revolves around what Git has brought to the table. Git version control systems, because they’re generally line orient- is one of the decentralized version control systems that ar- ed. And they can help lower the barrier to entry for new contrib- rived on the scene over the past decade or so. Some people utors, although you should be careful not to expect a change in continue to use decentralized version control systems the source format alone to drive lots of contributors to your project. same way they used CVS or SVN, but that doesn’t expose Lightweight markup languages have their downsides, too. the real power of these systems. Documentation writers are The tools for working with them tend to be limited in scope, increasingly proficient using Git for what it is. They’re cre- and don’t often provide the kind of data model you need to ating development, staging, and production branches, and write other tools. They also don’t usually provide as much they’re merging disparate contributions. This wasn’t as com- semantic information. With XML formats, for example, there mon just a few years ago. are a wealth of tools for translation, validation, link checking, Git is certainly not the only decentralized version control status reporting, and various types of testing and data ex- system. There are also Bazaar and Mercurial, to name just traction. This kind of tooling isn’t currently as extensive for two, and you will find writers wielding the same power with lightweight formats. So although lightweight formats might those tools as well. But Git has taken the majority of the mind ease the barrier to entry for new contributors, they can also share, thanks in large part to popular Git hosting sites. create new barriers to long-term maintenance. As with all This is an area in which open source has lead the trend in things, there are always trade-offs. the overall software documentation industry. A quick glance The three most popular lightweight formats [7] right now at technical writing forums will show plenty of people across are Markdown, AsciiDoc, and reStructured Text. Markdown the industry looking for information on how to effectively is the simplest, but it doesn’t offer much for anything but the transition to Git. In the past, they may have stored their most basic documentation needs. It also comes in many sources on a network drive with no revision control, or they different, slightly incompatible flavors, depending on which may have used a proprietary management system. Git and processing tool you use. AsciiDoc [8] offers more semantics . 68 Open Source Yearbook 2016 . Opensource.com and more types of elements. It originally focused on being 5. Hosted documentation services a front-end to DocBook, but it has grown to natively sup- Automatically publishing documentation sites with contin- port lots of output formats. reStructuredText came from the uous integration is easier than ever, but now there are Python community, and for a long time its use was largely hosted services that take care of everything for you. Just limited to Python projects. It has grown in popularity lately pass them a Git repository, and they’ll automatically build, due to hosting sites, such as Read the Docs [9]. publish, and host your documentation. The most well- known example is Read the Docs. Originally coming out of 3. Static site generators the Python community, its ease of use has made it popular Five years ago, the trend was to use wikis and blogging for all sorts of projects. platforms to create documentation sites. They were easy to Whether free hosted documentation sites can be finan- set up, and giving people accounts to contribute was easy. cially viable remains to be seen—to keep sites like that Particularly brave people would even open their wiki to running costs money and people hours. If the sites can’t anonymous contributions. These days, the trend is to keep maintain a certain level of quality, people will take their sources in version control, then build and publish sites with documentation elsewhere. If you benefit from one of these mostly static HTML files. free services, I encourage you to see how you can help Generating static sites isn’t new. My first job out of college financially. was working on internal tools used at a software company to I believe the hosted documentation services trend will con- build and publish static files for tens of thousands of pages tinue. Smart people will figure out how to smooth the bumps. of documentation. But static sites have become increasingly I also suspect we’ll start seeing paid hosted documentation popular for projects of all sizes, for a number of reasons. services for proprietary software. Open source has led the First, there are increasingly good off-the-shelf static site way on documentation technology over the past decade, generators. Tools like Middleman [10] and Jekyll [11] are and it will continue to do so. just as easy to deploy as a wiki or a blog. Unless you have specialized needs, you no longer have to write and maintain Resources your own site-generating tool. Static site generators have [1] https://wiki.gnome.org/DocumentationProject become increasingly popular among web developers, and [2] https://opensource.com/life/15/8/markup-lowdown technical writers get to ride that wave. [3] http://projectmallard.org/ Another reason static sites are more popular is that source [4] https://opensource.com/resources/what-is-git hosting sites are easier to use, and a growing number of [5] https://opensource.com/life/16/7/systems-administra - technical people use them. One of the draws of a wiki was tors-should-use-revision-control that somebody could contribute without downloading any- [6] http://cgi.csc.liv.ac.uk/~ped/teachadmin/troff_intro.html thing or installing special tools. If your source files are stored [7] https://opensource.com/life/16/8/why-i-love-these-mark- in a hosting service like GitHub, anybody with a GitHub ac- up-languages count can edit them right in their web browser and ask you to [8] https://opensource.com/life/15/10/asciidoc merge their changes. [9] https://readthedocs.org/ [10] https://middlemanapp.com/ 4. Continuous integration [11] https://jekyllrb.com/ Continuous integration [12] is the key that ties the previous [12] https://opensource.com/business/15/7/six-continuous-inte- trends together. You can write your documentation in a sim- gration-tools ple format, store it in Git and edit it on the web using a Git hosting service, and publish a site from those sources. With Author continuous integration, you don’t even need a human to kick Shaun McCance is an expert on open source documen- off the publishing process. If you’re brave, you can publish tation. He’s contributed to many open source projects, in- automatically after every commit to master, and you’ll have a cluding a decade-long stint as the GNOME documentation nearly wiki-like experience for writers. team leader. He organizes the Open Help Conference & Some projects will be more conservative and only publish Sprints, the only conference focused on documentation from a production branch. But even when publishing from a and support in open source and open communities. Shaun branch, continuous integration removes tedious human in- believes in the power of open communities, from making tervention. You can also automatically publish staging sites software to opening a neighborhood for development branches. grocery store. He works as the Commu- Continuous integration isn’t just about publishing, either. nity Documentation Liaison at Red Hat, Projects can use it to automatically test their documentation where he has the privilege of helping for things like validity and link integrity, or to generate reports various open source projects build their on status and coverage. documentation community. . Open Source Yearbook 2016 . Opensource.com 69 ...... CREATING......

wonderful wearable 11open source projects BY RUTH SUEHLE

everything, and almost every- 3. Stormtrooper voice changer LEDS ARE ON one you know has at least It’s never too early to start planning for Halloween or the tried a FitBit or similar device, whereas Google Glass next sci-fi con. If you’ve been thinking it’s time for a set of didn’t really take off. Despite several years of growth, Stormtrooper armor, you might as well sound the part, too. whether wearable electronics are a fad, or here to keep Visit the Sparkfun site to learn how to build a Stormtrooper growing from fun to truly functional is too early to tell. voice changer [4] to go in your helmet. See video demo at: Judge for yourself—read through a few of our favorite http://bit.ly/2ilmVUd. wearable projects from 2016. You might even get inspired to start creating. 4. Cigarette-smoke detecting shirt In more practical projects, a seventh grader used an Arduino 1. AsteroidOS LilyPad [5] to create a cigarette-smoke detecting shirt [6] to Looking for open source in your smartwatch? AsteroidOS [1] encourage his dad to kick the habit. If you smoke while wear- is, too. AsteroidOS is a work in progress and currently func- ing the shirt, it turns on an escalating series of LEDs labeled tions only with the stinky breath, yel- LG G Watch and low teeth, and lung LG Watch Urbane, cancer. See video Sony Smartwatch demo at: http://bit. 3, and ASUS Zen- ly/2i0nDcR. Watch 2. But if you have one of those 5. Pokémon Go watches, you can patches with EL test AsteroidOS by Panels dual booting your Many of us spent a watch. chunk of this sum- mer’s free time on 2. Light show Pokémon Go. If jacket you’re still playing, Music fans should the folks over at check out this light Sparkfun can help show jacket that re- Lead image by: The British Library and The U.S. National Archives. Modified by Opensource.com. you represent your acts to music [2]. Created as a final project for the maker’s team with these EL panel patches [7]. And of course, if you’re Music Technology and Applied Electronics degree, the jacket not a Pokémon fan, you can simply replace those images with is based around an Arduino Mega [3] connected directly to your own favorite designs. If you need a more personal con- a computer and can pulse differently according to pitch or nection to your team, try this similar project from 2014 to make amplitude. See video demo at: http://bit.ly/2i0qD90. an EL tattoo [8]. See video demo at: http://bit.ly/2i0modP. . 70 Open Source Yearbook 2016 . Opensource.com 6. Skintillates Conclusion Leveling up on those tattoos, the Hybrid Ecologies Lab [9] If you want to get started building your own wearables, the is working on Skintillates [10], electronics built into tempo- LilyPad and FLORA [19]. both featured in products above, rary tattoos so that they flex with your skin. They can work are good places to start. There are plenty of resources, both with assorted sensors for a variety of applications, such for buying supplies and project ideas, available across the as checking your typing position or posture or controlling web. To get started with 3D-printed wearables, browse the devices. Their goal is to replace the Arduino and Makey- fashion section of Thingiverse [20]. Makey [11] they’re currently built with and to develop their own open source development board for further flexible Resources wearables. See video demo at: http://bit.ly/2ilgMqS. 1. https://asteroidos.org/ 2. http://www .instructables.com/id/Light-Show-Jacket-That- 7. Cosmic Bitcasting Reacts-to-Music/ Some of the earliest practical applications for wearables in- 3. https://www.arduino.cc/en/Main/arduinoBoardMega volved environmental sensors. Cosmic Bitcasting [12] de- 4. https://learn.sparkfun.com/tutorials/vox-imperium-storm- tects cosmic radiation with the goal of using the data to trooper-voice-changer further cosmic radiation research. You can see the detector 5. https://www.arduino.cc/en/Main/ArduinoBoardLilyPad in person at the Alchemists of Art and Science exhibition [13] 6. https://blog.arduino.cc/2016/07/27/kick-the-habit-with-a-​ at the Ars Electronica Center in Linz, Austria. cigarette-smoke-detecting-shirt/ 7. https://learn.sparkfun.com/tutorials/pokmon-go-patches- 8. threeASFOUR 3D-printed clothes with-el-panels Beyond electronics—and sometimes with them—3D-printed 8. https://www.sparkfun.com/news/1394 clothes and shoes are getting more interesting (albeit per- 9. http://www.hybrid-ecologies.org haps not more comfortable). For their Summer 2016 Interdi- 10. http://www.hybrid-ecologies.org/projects/12-skintillates mensional collection [14], threeASFOUR [15] won the Fash- 11. http://www.makeymakey.com/ ion Design Award by the Cooper-Hewitt Smithsonian Design 12. http://afroditipsarra.com/ Museum. This collection worked to incorporate traditional 13. http://www.aec.at/radicalatoms/en/cosmic-bitcasting/ tailoring with 3D-printed surfaces. 14. https://vimeo.com/143647429 15. http://www.threeasfour.com/ 9. LED matrix handbag 16. http://www.geekmomprojects.com/led-matrix-handbag-2-0-how-to/ Finally, if you’re going to have tech wearables, you’re going 17. http://www.thingiverse.com/thing:1833286 to need to accessorize. Try this LED matrix handbag [16]. 18. http://www.thingiverse.com/thing:237034 You can stream a pattern or a message across the LEDs. 19. https://www.adafruit.com/flora Not only does the maker show you how to set up the matrix 20. http://www.thingiverse.com/explore/newest/fashion and give you the code, she also shows you how to sew the bag itself. See video demo at: http://bit.ly/2hwKCsy. Author Ruth Suehle is the community leadership manager for Red 10. 3D-printed iris-blinking goggles Hat’s Open Source and Standards team. She’s co-author of Then you can top off your outfit with these 3D-printed Raspberry Pi Hacks (O’Reilly, December 2013) and a senior iris-blinking goggles [17]. See video demo at: http://bit. editor at GeekMom, a site for those who find their joy in both ly/2hYjx2g. geekery and parenting. She’s a maker at heart who is often behind a sewing ma- 11. NeoPixel tiara chine creating costumes, rolling fondant Combine a 3D printer, Gemma microcontroller, sewable for an excessively large cake, or looking NeoPixels, and a soldering iron to make a fun lighted ti- for the next great DIY project.You can ara [18]. See video demo at: http://bit.ly/2ilri1f. find her on Twitter: @suehle.

. Open Source Yearbook 2016 . Opensource.com 71 ...... CREATING...... Top open source creative tools in 2016 BY MÁIRÍN DUFFY

I gave a lightning A FEW YEARS AGO, talk at Red Hat Summit that took attendees on a tour of the 2012 open source creative tools [1] landscape. Open source tools have The GIMP team is currently working toward the 2.10 re- evolved a lot in the past few years, so let’s take a tour of lease; 2.8.18 [6] is the latest stable version. More excit- 2016 landscape. (See the online version of this article for ing is the unstable version, 2.9.4 [7], with a revamped user additional images and video links at: http://red.ht/2ihvlvJ) interface featuring space-saving symbolic icons and dark themes, improved color management, more GEGL-based Core applications filters with split-preview, MyPaint brush support (shown These six applications are the juggernauts of open source in screenshot below), symmetrical drawing, and com- design tools. They are well-established, mature projects with mand-line batch processing. For more details, check out full feature sets, stable releases, and active development the full release notes [8]. communities. All six applications are cross-platform; each is available on Linux, OS X, and Windows, although in some cases the Linux versions are the most quickly updated. These applications are so widely known, I’ve also included highlights of the latest features available that you may have missed if you don’t closely follow their development. If you’d like to follow new developments more closely, and perhaps even help out by testing the latest development ver- sions of the first four of these applications—GIMP, Inkscape, Scribus, and MyPaint—you can install them easily on Linux using Flatpak [2]. Nightly builds of each of these applications are available via Flatpak by following the instructions [3] for Nightly Graphics Apps. One thing to note: If you’d like to in- stall brushes or other extensions to each Flatpak version of Inkscape the app, the directory to drop the extensions in will be un- Inkscape [9] is a richly featured vector-based graphic design der the directory corresponding to the application inside the workhorse. Use it to create simple graphics, diagrams, lay- ~/.var/app directory. outs, or icon art. The latest stable version is 0.91 [10]; similarly to GIMP, GIMP more excitement can be found in a pre-release version, GIMP [4] celebrated its 20th anniversary in 2015 [5], mak- 0.92pre3, which was released November 2016. The pre- ing it one of the oldest open source creative applications miere feature of the latest pre-release is the gradient mesh out there. GIMP is a solid program for photo manipulation, feature [11] (demonstrated in screenshot below); new fea- basic graphic creation, and illustration. You can start using tures introduce in the 0.91 release include power stroke GIMP by trying simple tasks, such as cropping and resizing [12] for fully configurable calligraphic strokes (the “open” images, and over time work into a deep set of functional- in “opensource.com” in the screenshot below uses power- ity. Available for Linux, Mac OS X, and Windows, GIMP is stroke), the on-canvas measure tool, and the new symbols cross-platform and can open and export to a wide breadth dialog [13] (shown in the right side of the screenshot be- of file formats, including those popularized by its proprietary low). (Many symbol libraries for Inkscape are available on analogue, Photoshop. GitHub; Xaviju’s inkscape-open-symbols set [14] is fantas- . 72 Open Source Yearbook 2016 . Opensource.com tic.) A new feature available in development/nightly builds editable vector layers. To try out the latest developments in is the Objects dialog that catalogs all objects in a document MyPaint, I recommend installing the nightly Flatpak build, and provides tools to manage them. although there have not been significant feature additions since the 1.2.0 release.

Scribus Scribus [15] is a powerful desktop publishing and page layout Blender tool. Scribus enables you to create sophisticated and beau- Initially released in January 1995, Blender [21], like GIMP, tiful items, including newsletters, books, and magazines, as has been around for more than 20 years. Blender is a pow- well as other print pieces. Scribus has color management erful open source 3D creation suite that includes tools for tools that can handle and output CMYK and spot colors for modeling, sculpting, rendering, realistic materials, rigging, files that are ready for reliable reproduction at print shops. animation, compositing, video editing, game creation, and 1.4.6 [16] is the latest stable release of Scribus; the 1.5.x [17] simulation. series of releases is the most exciting as they serve as a The latest stable Blender release is 2.78a [22]. The 2.78 preview to the upcoming 1.6.0 release. Version 1.5.3 fea- release was a large one and includes features such as the tures a Krita file (*.KRA) file import tool; other developments revamped Grease Pencil 2D animation tool; VR rendering in the 1.5.x series include the Table tool, text frame weld- support for spherical stereo images; and a new drawing tool ing, footnotes, additional PDF formats for export, improved for freehand curves. dictionary support, dockable palettes, a symbols tool, and expanded file format support.

To try out the latest exciting Blender developments, you have many options, including:

MyPaint • The Blender Foundation makes unstable daily builds [23] MyPaint [18] is a drawing tablet-centric expressive drawing available on the official Blender website. and illustration tool. It’s lightweight and has a minimal inter- • If you’re looking for builds that include particular in-devel- face with a rich set of keyboard shortcuts so that you can opment features, graphicall.org [24] is a community-mod- focus on your drawing without having to drop your pen. erated site that provides special versions of Blender (and MyPaint 1.2.0 [19] is the latest stable release and in- occasionally other open source creative apps) to enable cludes new features, such as the intuitive inking tool [20] artists to try out the latest available code and experiments. for tracing over pencil drawings, new flood fill tool, layer • Mathieu Bridon has made development versions of Blend- groups, brush and color history panel, user interface re- er available via Flatpak. See his blog post for details: vamp including a dark theme and small symbolic icons, and Blender nightly in Flatpak [25]. . Open Source Yearbook 2016 . Opensource.com 73 ...... CREATING......

Krita • Latest stable: 0.97 (August 2016) Krita [26] is a digital drawing application with a deep set of • Get the latest version with Flatpak [35] capabilities. The application is geared toward illustrators, concept artists, and comic artists and is fully loaded with ex- Shotcut tras, such as brushes, palettes, patterns, and templates. Shotcut [36] is a free, open source, cross-platform video ed- The latest stable version is Krita 3.0.1 [27], released in itor that started back in 2004 [37] and was later rewritten by September 2016. Features new to the 3.0.x series include 2D current lead developer Dan Dennedy [38]. frame-by-frame animation; improved layer management and functionality; expanded and more usable shortcuts; improve- • Latest stable: 16.11 (November 2016) ments to grids, guides, and snapping; and soft-proofing. • 4K resolution support • Ships as a tarballed binary

OpenShot Video Editor Started in 2008, OpenShot Video Editor [39] is a free, open source, easy-to-use, cross-platform video editor.

• Latest stable: 2.1 [40] (August 2016)

Utilities

SwatchBooker SwatchBooker [41] is a handy utility, and although it hasn’t Video tools been updated in a few years, it’s still useful. SwatchBooker There are many, many options for open source video edit- helps users legally obtain color swatches from various man- ing tools. Of the members of the pack, Flowblade [28] is a ufacturers in a format that you can use with other free and newcomer and Kdenlive is the established, newbie-friendly, open source tools, including Scribus. and most fully featured contender. The main criteria that may help you eliminate some of this array of options is supported GNOME Color Manager platforms—some of these only support Linux. These all have GNOME Color Manager [42] is the built-in color manage- active upstreams and the latest stable versions of each have ment system for the GNOME desktop environment, the de- been released recently, within weeks of each other. fault desktop for a bunch of Linux distros. The tool allows you to create profiles for your display devices using a colorime- Kdenlive ter, and also allows you to load/managed ICC color profiles Kdenlive [29], which was initially released back in 2002, is a for those devices. powerful non-linear video editor available for Linux and OS X (although the OS X version is out-of-date). Kdenlive has a GNOME Wacom Control user-friendly drag-and-drop-based user interface that accom- The GNOME Wacom controls [43] allow you to configure modates beginners, and with the depth experts need. your Wacom tablet in the GNOME desktop environment; you Learn how to use Kdenlive with an multi-part Kdenlive tu- can modify various options for interacting with the tablet, in- torial series [30] by Seth Kenlon. cluding customizing the sensitivity of the tablet and which monitors the tablet maps to. • Latest Stable: 16.08.2 (October 2016) Xournal Flowblade Xournal [44] is a humble but solid app that allows you Released in 2012, Flowblade [31], a Linux-only video editor, to hand write/doodle notes using a tablet. Xournal is is a relative newcomer. a useful tool for signing or otherwise annotating PDF documents. • Latest Stable: 1.8 (September 2016) PDF Mod Pitivi PDF Mod [45] is a handy utility for editing PDFs. PDF Mod Pitivi [32] is a user-friendly free and open source video editor. lets users remove pages, add pages, bind multiple single Pitivi is written in Python [33] (the “Pi” in Pitivi), uses the GStream- PDFs together into a single PDF, reorder the pages, and ro- er [34] multimedia framework, and has an active community. tate the pages. . 74 Open Source Yearbook 2016 . Opensource.com SparkleShare Hydrogen SparkleShare [46] is a git-backed file-sharing tool artists use Hydrogen [55] is an open source drum machine with an in- to collaborate and share assets. Hook it up to a GitLab repo tuitive interface. It provides the ability to create and arrange and you’ve got a nice open source infrastructure for asset various patterns using synthesized instruments. management. The SparkleShare front end nullifies the inscru- tability of git by providing a dropbox-like interface on top of it. Mixxx Mixxx [56] is a four-deck DJ suite that allows you to DJ and mix songs together with powerful controls, including beat looping, Photography time stretching, and pitch bending, as well as live broadcast your mixes and interface with DJ hardware controllers. Darktable Darktable [47] is an application that allows you to develop Rosegarden digital RAW files and has a rich set of tools for the workflow Rosegarden [57] is a music composition suite that includes management and non-destructive editing of photographic tools for score writing and music composition/editing and images. Darktable includes support for an extensive range provides an audio and MIDI sequencer. of popular cameras and lenses. MuseScore Entangle MuseScore [58] is a music score creation, notation, and edit- Entangle [48] allows you to tether your digital camera to ing tool with a community of musical score contributors. your computer and enables you to control your camera completely from the computer. Additional creative tools Hugin Hugin [49] is a tool that allows you to stitch together photos MakeHuman in order to create panoramic photos. MakeHuman [59] is a 3D graphical tool for creating photore- alistic models of humanoid forms.

2D animation Natron Natron [60] is a node-based compositor tool used for video Synfig Studio post-production and motion graphic and special effect design. Synfig Studio [50] is a vector-based 2D animation suite that also supports bitmap artwork and is tablet-friendly. FontForge FontForge [61] is a typeface creation and editing tool. It al- Blender Grease Pencil lows you to edit letter forms in a typeface as well as generate I covered Blender above, but particularly notable from a re- fonts for using those typeface designs. cent release is a refactored grease pencil feature [51], which adds the ability to create 2D animations. Valentina Valentina [62] is an application for drafting sewing patterns. Krita Krita [52] also now provides 2D animation functionality. Calligra Flow Calligra Flow [63] is a Visio-like diagramming tool. (Available for Linux, Mac OS X, and Windows.) Music and audio editing Helpful sites Audacity There are a lot of toys and goodies to try out there. Need Audacity [53] is popular, user-friendly tool for editing audio some inspiration to start your exploration? These websites files and recording sound. and conference are chock-full of tutorials and beautiful cre- ative works to inspire you get you going: Ardour Ardour [54] is a digital audio workstation with an interface • pixls.us [64]: Blog hosted by photographer Pat David that centered around a record, edit, and mix workflow. It’s a little focuses on free and open source tools and workflow for more complicated than Audacity to use but allows for au- professional photographers. tomation and is generally more sophisticated. (Available for • David Revoy’s Blog [65] The blog of David Revoy, an im- Linux, Mac OS X, and Windows.) mensely talented free and open source illustrator, concept . Open Source Yearbook 2016 . Opensource.com 75 ...... CREATING......

artist, and advocate, with credits on several of the Blender [32] http://pitivi.org Foundation films. [33] http://wiki.pitivi.org/wiki/Why_Python%3F • The Open Source Creative Podcast [66]: Hosted by Open- [34] https://gstreamer.freedesktop.org/ source.com community moderator and columnist Jason [35] https://pitivi.wordpress.com/2016/07/18/get-pitivi-directly- van Gumster [67], who is a Blender and GIMP expert, and from-us-with-flatpak/ author of Blender for Dummies [68], this podcast is direct- [36] http://shotcut.org ed squarely at those of us who enjoy open source creative [37] http://permalink.gmane.org/gmane.comp.lib.fltk.general/2397 tools and the culture around them. [38] http://www.dennedy.org/ • Libre Graphics Meeting [69]: Annual conference for free [39] http://openshot.org and open source creative software developers and the [40] http://www.openshotvideo.com/2016/08/openshot-21-​ creatives who use the software. This is the place to find released.html out about what cool features are coming down the pipeline [41] http://www.selapa.net/swatchbooker/ in your favorite open source creative tools, and to enjoy [42] https://help.gnome.org/users/gnome-help/stable/color.html.en what their users are creating with them. [43] https://help.gnome.org/users/gnome-help/stable/wacom. html.en Resources [44] http://xournal.sourceforge.net/ [1] https://opensource.com/life/12/9/tour-through-open- [45] https://wiki.gnome.org/Apps/PdfMod source-creative-tools [46] https://www .sparkleshare.org/ [2] https://opensource.com/business/16/8/flatpak [47] https://opensource.com/life/16/4/how-use-darktable-digital-​ [3] http://flatpak.org/apps.html darkroom [4] https://opensource.com/tags/gimp [48] https://entangle-photo.org/ [5] https://www .gimp.org/news/2015/11/22/20-years-of-gimp- [49] http://hugin.sourceforge.net/ release-of-gimp-2816/ [50] https://opensource.com/article/16/12/synfig-studio-animation- ​ [6] https://www.gimp.org/news/2016/07/14/gimp-2-8-18- software-tutorial released/ [51] https://wiki.blender.org/index.php/Dev:Ref/Release_ [7] https://www.gimp.org/news/2016/07/13/gimp-2-9-4-released/ Notes/2.78/GPencil [8] https://www.gimp.org/news/2016/07/13/gimp-2-9-4-released/ [52] https://opensource.com/tags/krita [9] https://opensource.com/tags/inkscape [53] https://opensource.com/tags/audacity [10] http://wiki.inkscape.org/wiki/index.php/Release_notes/0.91 [54] https://ardour.org/ [11] http://wiki.inkscape.org/wiki/index.php/Mesh_Gradients [55] http://www .hydrogen-music.org/ [12] https://www.youtube.com/watch?v=IztyV-Dy4CE [56] http://mixxx.org/ [13] https://inkscape.org/cs/~doctormo/%E2%98%85sym- [57] http://www.rosegardenmusic.com/ bols-dialog [58] https://opensource.com/life/16/03/musescore-tutorial [14] https://github.com/Xaviju/inkscape-open-symbols [59] http://makehuman.org/ [15] https://opensource.com/tags/scribus [60] https://natron.fr/ [16] https://www.scribus.net/scribus-1-4-6-released/ [61] http://fontforge.github.io/en-US/ [17] https://www.scribus.net/scribus-1-5-2-released/ [62] http://valentina-project.org/ [18] http://mypaint.org [63] https://www.calligra.org/flow/ [19] http://mypaint.org/blog/2016/01/15/mypaint-1.2.0-released/ [64] http://pixls.us [20] https://github.com/mypaint/mypaint/wiki/v1.2-Inking-Tool [65] http://davidrevoy .com/ [21] https://opensource.com/tags/blender [66] http://monsterjavaguns.com/podcast/ [22] http://www.blender.org/features/2-78/ [67] https://opensource.com/users/jason-van-gumster [23] https://builder.blender.org/download/ [68] http://www.blenderbasics.com/ [24] http://graphicall.org/ [69] http://libregraphicsmeeting.org/2016/ [25] https://mathieu.daitauha.fr/blog/2016/09/23/blender-nightly- ​ in-flatpak/ [26] https://opensource.com/tags/krita Author [27] https://krita.org/en/item/krita-3-0-1-update-brings-numerous-​ Máirín Duffy is a principal interaction fixes/ designer at Red Hat. She is passionate [28] https://opensource.com/life/16/9/10-reasons-flowblade-​ about software freedom, and free and linux-video-editor open source tools, particularly in the cre- [29] https://opensource.com/tags/kdenlive ative domain. Her favorite application is [30] https://opensource.com/life/11/11/introduction-kdenlive Inkscape (http://inkscape.org). [31] http://jliljebl.github.io/flowblade/ . 76 Open Source Yearbook 2016 . Opensource.com ...... CREATING Top open innovations in 3D printing BY TOM CALLAWAY

continues to drive rapid in- OPEN SOURCE novation in the 3D printing Image by: Model is “Little Lizard” by loubie, CC-BY-NC industry. This makes sense if you stop and think about it—a open source goodness that makes it possible. In 2016, the 3D printer exists to make other things. Combining that phi- Prusa I3 MK2 3D printer was released, and it is the first losophy with free software and open source hardware helps printer to correct its geometry in all axes automatically. This other people participate in improving the objects that it makes, means that you no longer have to be as concerned about and in making the printers faster, smarter, and cleaner. how precisely the printer is assembled or calibrated—the Here are a few of my favorite open source 3D printing firmware included in the printer will do everything it can to innovations from 2016: ensure that the prints come out perfect. The printer uses nine special calibration points on the printer bed, combined Prusa i3 MK2 with a probe that detects those points, then determines the deviation (if any) on the X and Y axes. This allows the Figure 1: Courtesy of prusa3d.com printer to recalculate and adjust for any skew. It uses the same input to determine the Z height at all of the calibration points and adjust as needed. This technique is called mesh bed leveling and it eliminates most (if not all) imperfections in the bed. There’s a lot more math and engineering to explain how all of this works, but the end result is better prints every time, all powered with open source firmware and hardware. For a deeper dive into how it works, learn more on the Prusa Print- ers site [1] (or watch the demo video [2]).

Mechaduino

Figure 2: Hackaday.io [3]. CC BY-SA 4.0

Josef Průša is one of the core developers of the RepRap project, and the line of printers that bears his name contin- 3D printers are usually powered by NEMA stepper motors. ues to get better and better, without sacrificing any of the The motors turn belts, which cause the printer to move in . Open Source Yearbook 2016 . Opensource.com 77 ...... CREATING......

three dimensions. The motors are cheap and simple, but not Lulzbot TAZ 6 terribly accurate. To get accuracy, you usually want to use in- Figure 4: lulzbot.com [6]. CC BY-SA 4.0 dustrial servo motors, but they aren’t cheap or simple. Enter Tropical Labs and their Mechaduino [4]. Mechaduino is an open source industrial servo con- trol platform that provides a combination of the low cost of mass-produced stepper motors with high-resolution accu- racy. Their vision is to be the “Arduino for mechatronics”. Although this innovative board will have a big impact on a number of different electronics projects, the fact that this can be a drop-in addition to most 3D printers makes it very ex- citing to me. Lots of people agreed, as this easily got funded via Kickstarter, reaching 855% of their goal.

3D printing with clay

Figure 3: Tom Lauerman. CC BY-SA 4.0

I am a huge fan of the Lulzbot printers, and the TAZ 6, released in 2016, is no different. There is a reason that it is “Earth’s highest rated desktop 3D printer,” and that reason is freedom. Everything that goes into the TAZ 6 is free as in freedom [7]—the firmware that drives it, the parts that compose it, the software that controls it— there is no secret sauce in this printer. The TAZ 6 is yet another proof point that open source does not mean sloppy or beta. The printer itself contains a large number of 3D-printed pieces, printed on a fleet of other TAZ printers. Freedom and open source are part of the Lulzbot DNA, and the parent company (Aleph Objects) actively works with their community to come up with hacks, improvements, and modifications to make the printer more robust, accurate, and intelligent. The result of this transparency, remixing, Most 3D printers use plastic filament or resin. A few use and collaboration is a simple yet powerful 3D printing ex- more exotic materials, such as sugar or chocolate, but Tom perience that appeals to an audience from students to Lauerman wanted to use clay. Lauerman, an assistant pro- maker gurus. fessor at Penn State, designed his own 3D printer in col- (Full disclosure: We use Lulzbot 3D printers in the Red laboration with the University’s Learning Factory program Hat 3D printing lab at the Red Hat headquarters in Raleigh, and the Center for Innovative Material Processing through North Carolina.) Direct Digital Deposition (CIMP-3D). Unlike some academ- ic printer projects, the Bricoleur Clay Extruder [5] wasn’t Open source bioprinting built from scratch, patented, documented in an academic Early in 2016, Ourobotics [9], an Irish 3D bioprinting start- paper that few would ever read, and then shelved in a dusty up, introduced the Renegade, an open source bioprinter that basement on campus. Lauerman built upon existing open can be assembled for under US$ 900. This printer is based source 3D clay print head designs, and as a result, he re- on Richard Horne’s Universal Paste Extruder [10]. For much mained committed to releasing all of his designs under an of the 3D printing community, bioprinting is seen as a holy open source license so that others could print and improve grail of the technology. If we can print replacement organs, upon his design. then we can improve and save lives around the world. We’re . 78 Open Source Yearbook 2016 . Opensource.com not quite there yet, but Ourobotics saw the value of innovat- Resources ing in the open source way to help us get to that goal faster [1] http://prusaprinters.org/first-printer-to-automatically-​ and more affordably. correct-geometry-in-all-axes/ Sadly, in August, the CEO of Ourobotics, Jemma Redmond [2] http://bit.ly/2i8Xt5r passed away unexpectedly. One of the small comforts of open [3] https://hackaday.io/project/11224-mechaduino source work is the knowledge that those projects can live on, [4] http://tropical-labs.com/index.php/mechaduino even after we are gone from this world. [5] http://www.thingiverse.com/thing:1413969 [6] https://www.lulzbot.com/ Figure 5: RichRap [8]. CC BY-SA 4.0 [7] https://www.gnu.org/philosophy/free-sw.en.html [8] http://www.thingiverse.com/thing:20733 [9] http://ouro-botics.com/ [10] http://www.thingiverse.com/thing:20733

Author Tom Callaway has been a Red Hat employee since 2001 and is the co-author of Raspberry Pi Hacks (O’Reilly, 2014). Currently he leads the Education Outreach team at Red Hat to promote FOSS in schools. He maintains or co-maintains a large number of packages in Fedora (350+), and is respon- sible for managing Fedora’s legal issues. Tom frequently represents Fedora and free software at conferences around the world, and tries his best not to make too big of a fool of himself. When not working, Tom enjoys geocaching, ice hockey, gaming, science fiction, 3D printing, traveling, and pinball.

. Open Source Yearbook 2016 . Opensource.com 79 Most Likely to Succeed 10 open source projects

to watch in 2017 BY JASON BAKER

has a crystal ball to see the future of tech- Yarn NO ONE nology. Even for projects developed out in Yarn [2] pitches itself as providing “fast, reliable, and secure the open, code alone can’t tell us whether or not a project is dependency management.” In short, it’s a modern replacement destined for success—but there are hints along the way. for npm [3], a package manager built specifically for JavaScript For example, per- developers, which haps it’s not unrea- helped build the en- sonable to assume thusiasm for using that the projects JavaScript across that will help shape the entire appli- our future are those cation stack that projects that have seems so prevalent first seen rapid today. In addition to growth and popular- its speed and se- ity among the devel- curity features, yarn oper community. also features off-line So which new installs, advanced projects should an dependency-man- open source devel- agement features, oper watch in 2017? and deterministic Let’s take a look at Image by: Opensource.com, CC BY-SA 4.0 design to ensure a few projects that that packages in- emerged in 2016 to achieve rapid notoriety in the GitHub stalls across multiple machines should match identically. community. To develop this list, I went through GitHub with a focus on Create React App projects whose repository was created in 2016, and looked A new project from Facebook’s incubator [4] project, Create at the projects ranked by number of stars [1]. It’s not a per- React App [5] is, unsurprisingly, a template for creating Re- fect system; there are, of course, repositories that contain act-based [6] applications without having to create a custom something other than an open source project, and so these build configuration. Providing a simple command-line inter- were omitted from the list. Of course, there also were many face for generating new application, it’s easy to create and great projects introduced in 2016 whose development took deploy a simple application stack that gives developers the place somewhere other than GitHub. Admittedly, the pro- power of the React framework. cess of picking these 10 projects to watch for 2017 from a pool of many choices was as much of an art as a science. Android Architecture Blueprints But I still think these projects are worth keeping an eye on The Android Architecture Blueprints [7] repository is a great in the new year. resource for learning from the UX team at Google best . 80 Open Source Yearbook 2016 . Opensource.com Most Likely to Succeed

practices for organizing and architecting an Android app. By demonstrating several ways of handling common problems, the repository provides a starting point for creating a new ap- plication, or to inform a design decision in your existing app.

Hyper For developers and system administrators, there are two tools that one simply cannot live without: a web browser and a terminal. Hyper [8] is an attempt to bring best attributes of a web application to a terminal emulator, creating a modern terminal experience with JavaScript, HTML, and CSS. Rely- ing on web standards opens up customization and control to Source Yearbook [11]. Looking back at the growing inter- a whole new audience who can use their existing JavaScript est in AI over the past 12 months, finding another Tensor- skills to customize and optimize their terminal. Flow-related project in this year’s batch should come as no surprise, with this repository of TensorFlow models [12] Parse server earning more than 10,000 stars. Conducting tasks from Parse server [9] is a Node.js-based open source back- name generation and learning, image to text processing, end that makes it easy to migrate applications designed and classification, this is a great starting point for anyone for Parse, after the announcement that the hosting service who wants to learn more about TensorFlow while getting would be retired in early 2017. Designed to make creating their hands a little dirty. web applications and APIs easier, Parse is cross-platform and works everywhere that Node.js can be deployed. Anime If you’re interested in web animation, give Anime [13] a look. Bulma Anime is a JavaScript animation engine that works with Designing a good-looking website or web application can CSS, SVG, the document object, and JavaScript objects to be difficult, and made even more so by the complexity of bring animation and interactivity to any web-based project. competing browser standards and the wide array of devices It’s cross-platform, working on all of the major browsers, and your users are viewing from. Bulma [10] is a modern CSS is designed to make both simple and complex animations framework designed to be responsive and modular, easing easy to implement. development for UX teams trying to design interfaces that flow naturally. Swift Algorithm Club Another of our top project from last year’s list was Swift, TensorFlow models the open source language from Apple that has rapidly be- TensorFlow, the Google-driven machine learning frame- come a developer favorite. In this year’s list is the Swift work, was one of our top projects from the 2015 Open Algorithm Club [14], a collection of various algorithms and . Open Source Yearbook 2016 . Opensource.com 81 data structures implemented in Swift that you can use for Are there any projects you’re particularly interested in watch- learning purposes or simply drop into your application. In- ing in 2017? Let us know about them—send us an article cluding numerous sorting, searching, spanning, and tree proposal [21]. algorithms, Swift Algorithm Club is an amateur computer scientist’s wishlist of code implementations. Resources: [1] http://bit.ly/2ivEFgu Weex [2] https://github.com/yarnpkg/yarn The final entry in this year’s top 10 is Weex [15], a framework [3] https://www.npmjs.com/ designed to make developing a cross-platform user interface [4] https://github.com/facebookincubator for mobile applications easier. Weex is designed to be fast, [5] https://github.com/facebookincubator/create-react-app lightweight, and extensible, allowing you to get near native [6] https://facebook.github.io/react/ performance without having to write a different native app for [7] https://github.com/googlesamples/android-architecture each platform. [8] https://github.com/zeit/hyper [9] https://github.com/ParsePlatform/parse-server Honorable mentions [10] https://github.com/jgthms/bulma As I explained, a few new repositories were emerging on [11] https://opensource.com/life/15/12/most-likely-succeed-2016 GitHub this year that, by popularity, may have made this list, [12] https://github.com/tensorflow/models but weren’t strictly speaking properly-licensed open source [13] https://github.com/juliangarnier/anime projects. Here are a few of my favorites: [14] https://github.com/raywenderlich/swift-algorithm-club [15] https://github.com/alibaba/weex • HEAD [16]: A comprehensive list of the many uses for the [16] https://github.com/joshbuchea/HEAD “head” section of an HTML document, from providing meta [17] https://github.com/jwasham/google-interview-university information to browser directives to social sharing hints. [18] https://github.com/toddmotto/public-apis • Google Interview University [17]: One developer’s self- [19] https://github.com/FallibleInc/security-guide-for-developers study plan for moving from web developer to software [20] https://github.com/braydie/HowToBeAProgrammer engineer—essentially, a computer science knowledge [21] https://opensource.com/story checklist. • Public APIs [18]: A list of publicly available APIs to return Author JSON data on just about anything you can imagine, along Jason Baker is passionate about using technology to make with links to their documentation. the world more open, from software development to bringing • A security guide for developers [19]: A work in progress sunlight to local governments. He is par- containing an outline and checklist for security-minded de- ticularly interested in data visualization/ velopers. analysis, DIY/maker culture, simulations/ • How to Be a Programmer [20]: A book about the hard and modeling, geospatial technologies, and soft skills that are necessary to master in order to be suc- cloud computing, especially OpenStack. cessful in a software development career. Follow him on Twitter: @jehb

. 82 Open Source Yearbook 2016 . Opensource.com ...... OLD SCHOOL

How Linux got to be Linux: Test driving 1993-2003 distros

BY SETH KENLON

of open source is that A UNIQUE TRAIT it’s never truly EOL (End of Life). The disc images mostly remain online, and their licenses don’t expire, so going back and installing an old version of Linux in a virtual machine and getting a precise Image by: Internet Archive Book Images. Modified by Opensource.com. picture of what progress Linux has made over the years is relatively simple. cd work, all the basic tools (gawk, cut, diff, perl, and of We begin our journey with Slackware 1.01, posted to the course Volkerding’s favorite [2] elvis) are present and ac- comp.os.linux.announce newsgroup well over 20 years ago. counted for, but some of the little things surprised me. BASH courteously asks for confirmation when you try to tab-com- Slackware 1.01 (1993) plete hundreds of files, and tools to inspect compressed files (such as zless and zmore and zcat) already existed. Figure 1: Slackware 1.01 In more ways than I’d expected, the system feels surpris- ingly modern. What’s missing is any notion of package management. All installs and uninstalls are entirely manual, with no tracking. Over all, Slackware 1.01 feels a lot like a fairly modern UNIX—or more appropriately, it feels like modern UNIX might feel to a Linux user. Most everything is familiar, but there are differences here and there. Not nearly as much a difference as you might expect from an operating system released in 1993!

Debian 0.91 (1994) To try Debian 0.91, I used the floppy disk images available The best part about trying Slackware 1.01 is that there’s a on the Ibiblio digital archive [3], originally posted in 1994. pre-made image in Qemu’s 2014 series [1] of free images, The commands to boot: so you don’t have to perform the install manually (don’t get used to this luxury). $ gunzip bootdsk.gz basedsk1.gz basedsk2.gz $ qemu-system-i386 -M pc -m 64 -boot order=ac,menu=on \ $ qemu-kvm -m 16M -drive if=ide,format=qcow2,file=slackware.qcow2 \ -drive file=bootdisk,if=floppy,format=raw \ -netdev user,id=slirp -device ne2k_isa,netdev=slirp \ -drive file=debian.raw,if=ide,format=raw \ -serial stdio -redir tcp:22122::22 -device ne2k_isa,netdev=slirp \ -serial msmouse -vga std \ Many things in 1993’s version of Linux works just as -redir tcp:22122::22 \ you’d expect. All the basic commands, such as ls and -netdev user,id=slirp . Open Source Yearbook 2016 . Opensource.com 83 OLD SCHOOL......

The bootdisk for Debian 0.91 boots to a simple shell, with is installed by default, so if you didn’t intend to use it, you clear instructions on the steps you’re meant to take next. had to opt out. The install process is surprisingly smooth. It works off of An example /usr/lib/X11/XF86Config (this later became a menu system with seven steps—from partitioning a hard Xorg.conf) file was provided, and that got me 90% of the drive and writing the ext2 filesystem to it, all the way through way to a GUI, but fine-tuning vsync, hsync, and ramdac to copying the basedsk images. This provided a minimal colormap overrides took me an entire weekend until I finally Debian install with many of the familiar conventions any gave up. modern Linux user would expect from their OS. Installing new packages on Jurix was simple; find a .tgz Debian is now famous for its package management sys- on your sources drive, and run a routine tar command: $ su tem, but there are mere hints of that in this early release. The -c 'tar xzvf foo.tgz -C /' The package gets unzipped dpkg command exists, but it’s an interactive menu-based and unarchived to the root partition, and ready to use. I did system—a sort of clunky aptitude, with several layers of this with several packages I hadn’t installed to begin with, menu selections and, unsurprisingly, a fraction of available and found it easy, fast, and reliable. packages. Even so, you can sense the convenience factor in the de- SUSE 5.1 (1998) sign concept. You download three floppy images and end Figure 3: FVWM running on SuSE 5.1 up with a bootable system, and then use a simple text menu to install more goodies. I sincerely see why Debian made a splash.

Jurix/S.u.S.E. (1996) Figure 2: Jurix installation

I installed SUSE 5.1 from a InfoMagic CD-ROM purchased from a software store in Maryland in 1998. A pre-cursor to SUSE, Jurix shipped with binary .tgz pack- ages organized into directories resembling the structure of $ qemu-system-i386 -M pc-0.10 -m 64 \ Slackware’s install packages. The installer itself is also simi- -boot order=ad,menu=on \ lar to Slackware’s installer. -drive file=floppy.raw,if=floppy,format=raw \ -cdrom /dev/sr0 \ $ qemu-system-i386 -M pc -m 1024 \ -drive file=suse5.raw,if=ide,format=raw \ -boot order=ac,menu=on \ -vga cirrus -serial msmouse -drive \ file=jurix/install,if=floppy,format=raw \ The install process was convoluted compared to those -drive file=jurix.img,if=ide \ that came before. YaST volleyed configuration files and set- -drive file=pkg.raw,if=ide,format=raw \ tings between a floppy disk and the boot CD-ROM, requiring -device ne2k_isa,netdev=slirp \ several reboots and a few restarts as I tried to understand -serial msmouse -vga std \ the sequence expected from me. Once I’d failed the process -redir tcp:22122::22 \ twice, I got used to the way YaST worked, and the third time -netdev user,id=slirp was smooth and very much a hint at the Linux user experi- ence to come in later years. Because I wasn’t specifically looking for the earliest instance, A GUI environment was my main goal for SUSE 5.1. Jurix was the first Linux distribution I found that really “felt” The configuration process was familiar, with a few nice like it intended the user to use a GUI environment. XFree86 [4] graphical tools (including a good XF86Setup frontend) to . 84 Open Source Yearbook 2016 . Opensource.com help test and debug mouse and monitor problems. It took The desktop bundled with Red Hat 6 was, as it still is, less than an hour to get a GUI up and running, and most GNOME, but the window manager was an early Enlighten- of the delay was caused by my own research on what res- ment [5], which also provided the main sound daemon. Xdm olutions and color depths Qemu’s virtualized video card and gdm were both provided as login managers so that nor- could handle. mal users could log in without having the permission to start Included desktops were fvwm, fvwm2, and ctwm. I used or kill X itself, which is particularly important on multi-user fvwm, and it worked as expected. I even discovered tkDesk, systems. a dock and file manager combo pack that is surprisingly sim- Certain staple applications are missing; gedit didn’t ilar to Ubuntu’s Unity launcher bar. exist yet, there’s no grand unified office application, and The experience was, over all, very pleasant, and in terms there was no package manager to speak of. GnoRPM, a GUI of getting a successful desktop up and running, SUSE 5.1 interface for RPM installation, review, and removal, was was a rousing success. the closest to a yum or PackageKit experience it had, and gnotepad+ is the GUI text editor (Emacs notwithstanding, Red Hat 6.0 (1999) obviously). Over all, though, the desktop is intuitive. Unlike later im- Figure 4: Red Hat 6 running GIMP 1.x plementations of GNOME, this early version featured a pan- el at the bottom of the screen, with an application menu and launcher icons and virtual desktop control in a central loca- tion. I can’t imagine a user of another operating system at the time finding this environment foreign. Red Hat 6 was a strong entry for Linux, which was obvi- ously moving seriously toward being a proper desktop OS.

Mandrake 8.0 (2001) Figure 5: Mandrake: A turning point in Linux

The next install disc I happened to have lying around was Red Hat 6.0. That’s not RHEL 6.0—just Red Hat 6.0. This was a desktop distribution sold in stores, before RHEL or Fedora existed. The disc I used was purchased in June 1999.

$ qemu-system-i386 -M pc-0.10 -m 512 \ -boot order=ad,menu=on \ -drive file=redhat6.raw,if=ide,format=raw \ -serial msmouse -netdev user,id=slirp \ -vga cirrus -cdrom /dev/sr0 Mandrake 8.0 was released in 2001, so it would have been compared to, for instance, Apple OS 9.2 and Windows ME. The installation was fully guided and remarkably fast. You I fell back on fairly old emulated tech to be safe. never have to leave the safety of the install process, wheth- er choosing what packages to install (grouped together in $ qemu-system-i386 \ Workstation, Server, and Custom groups), partitioning a -M pc-0.10 -m 2048 \ drive, or kicking off the install. -boot order=ad,menu=on \ Red Hat 6 included an xf86config application to step you -drive file=mandrake8.qcow2 \ through X configuration, although it strangely allowed some -usb -net nic,model=rtl8139 \ mouse emulation options that X later claimed were invalid. It -netdev user,id=slirp \ beat editing the Xf86Config file, but getting X correct was still -vga cirrus \ clearly not a simple task. -cdrom mandrake-8.0-i386.iso . Open Source Yearbook 2016 . Opensource.com 85 OLD SCHOOL......

I’d thought the Red Hat installation process had been In 2003, the new Fedora Core distribution was released. nice, but Mandrake’s was amazing. It was friendly, it gave Fedora Core was based on Red Hat, and was meant to the user a chance to test configurations before continuing, it carry on the banner of desktop Linux once Red Hat En- was easy and fast, and it worked almost like magic. I didn’t terprise Linux (RHEL) became the flagship product of the even have to import my XF86Config file, because Mandrake’s company. installer got it right. Nothing particularly special is required to boot the old Fedora Core 1 disc: Figure 6: Mandrake 8.0 installer

$ qemu-system-i386 -M pc \ -m 2048 -boot order=ac,menu=on \ -drive file=fedora1.qcow2 -usb \ -net nic,model='rtl8139' -netdev user \ -vga cirrus -cdrom fedora-1-i386-cd1.iso

Installing Fedora Core is simple and familiar; it uses the same installer as Fedora and Red Hat for the next 9 years. It’s a graphical interface that’s easy to use and easy to un- derstand.

Figure 8: Anaconda GUI

Using the Mandrake desktop is a lot like using any given desk- top of the time, actually. I was a little surprised at how similar the experience was. I feel certain that if I’d somehow stumbled into Mandrake Linux at this time, it actually wouldn’t have been beyond my ability, even as a young and not very technical user. The interfaces are intuitive, the documentation helpful, and the package management quite natural, for a time when it still wasn’t yet the mental default for people to just go to a website and download an installer for whatever software they wanted.

Fedora 1 (2003) The Fedora Core experience is largely indistinguishable Figure 7: Blue Fedora, Red Hat from Red Hat 6 or 7. The GNOME desktop is polished, there are all the signature configuration helper applications, and the presentation is clean and professional. A Start Here icon on the desktop guides the user toward three locations: an Applications folder, the Preferences pan- el, and System Settings. A red hat icon marks the applica- tions menu, and the lower GNOME panel holds all the latest Linux application launchers, including the OpenOffice office suite and the Mozilla browser.

The future By the early 2000s, it’s clear that Linux has well and truly hit its stride. The desktop is more polished than ever, the appli- cations available want for nothing, the installation is easier and more efficient than other operating systems. In fact, from the early 2000s onward, the relationship between the user . 86 Open Source Yearbook 2016 . Opensource.com and the system is firmly established and remains basically Resources unchanged even today. There are some changes, and [1] http://www.qemu-advent-calendar.org/2014 of course several updates and improvements and a stagger- [2] http://www .slackware.com/~volkerdi/ ing amount of innovation. [3] https://ibiblio.org/pub/historic-linux/distributions/​ Project names come and go: debian-0.91/debian-0.91/dist [4] http://www.xfree86.org/ • Mandrake became Mandriva and then Mageia [6]; [5] http://enlightenment.org • Fedora Core became just Fedora [7]; [6] http://mageia.org • Ubuntu [8] popped up from Debian [9] and helped make [7] http://fedoraproject.org “Linux” a household term; [8] http://ubuntu.com • Valve has made SteamOS [10] the official basis for its [9] http://debian.org gaming platform; and [10] http://store.steampowered.com/steamos • Slackware [11] quietly continues to this day. [11] http://slackware.com

Whether you’re new to Linux, or whether you’re such an Author old hand that most of these screenshots have been more bi- Seth Kenlon is an independent multime- ographical than historical, it’s good to be able to look back at dia artist, free culture advocate, and UNIX how one of the largest open source projects in the world has geek. He is one of the maintainers of the developed. More importantly, it’s exciting to think of where Slackware-based multimedia production Linux is headed and how we can all be a part of that, starting project, http://slackermedia.ml. now, and for years to come.

...... WRITE FOR US ......

Would you like to write for Opensource.com? Our editorial calendar includes upcoming themes, community columns, and topic suggestions: https://opensource.com/calendar

Learn more about writing for Opensource.com at: https://opensource.com/writers

We're always looking for open source-related articles on the following topics:

Big data: Open source big data tools, stories, communities, and news.

Command-line tips: Tricks and tips for the Linux command-line.

Containers: Getting started with containers, best practices, security, news, projects, and case studies.

Education: Open source projects, tools, solutions, and resources for educators, students, and the classroom.

Geek culture: Open source-related geek culture stories.

Hardware: Open source hardware projects, maker culture, new products, howtos, and tutorials.

High-performance computing: Open source tools, programs, projects, and howtos for research and science.

Programming: Share your favorite scripts, tips for getting started, tricks for developers, tutorials, and tell us about your favorite programming languages and communities.

Security: Tips and tricks for securing your systems, best practices, checklists, tutorials and tools, case studies, and security-related project updates. . Open Source Yearbook 2016 . Opensource.com 87 OLD SCHOOL......

Compute like it’s 1989 BY SETH KENLON

when we look around People make complaints in modern computing about FOR MANY OF US, at the state of comput- bloat, and the cavalier answer is usually “CPU cycles are ing in 2016, we nod and think, “Yes, today is what I expect- cheap!”—or in other words, “I’d prefer to treat the symp- ed when I thought about what The Future would be like.” tom rather than the cause.” In the old days, CPU cycles Sure, we haven’t got flying cars yet, but today’s technology were prohibitively expensive, and even now, “cheap” isn’t is flashy. We swipe fingers across screens instead of press- the same as “free.” ing buttons, and For $89, you can I’m told we are get a PocketCHIP [1] all very excited and a keyboard, and about all of the have a tiny comput- latest virtual real- er ready to use at ity headsets and any moment, but its augmented reality CPU cycles are not gadgets. cheap. What you So now seems save on its cost and as good a time as power requirement any to look back you pay for in com- at how people puting power, but of the past used you’ll hardly notice, to compute, and as long as you’re back to the days okay with simplified

when a “desktop” Image by: LSE Library. Modified by Opensource.com. computing. computer was so The same is true called because it took up 80 percent of your desktop. The for server slices or instances on shared servers, or within days when the term “computer” actually meant “a machine Crouton [2]. The computer is there for the taking, but you for computation.” have to learn to conserve your resources, whether it’s band- Why bother looking back 30-year-old computing? After all, width or CPU cycles or RAM. the computers back then were clunky, slow, and awkward, weren’t they? Sure, they were, but the great thing about liv- A workflow of your own ing in The Future is that we have the power to look back Old computers weren’t the pre-fab ready-to-wear appliances at the Old Ways and cherry pick information from them for that we’re used to now. Hardware is neat, but I’m not talking modern technology. The truth is, there’s power in simplicity, about the hardware. The stuff we interact with on a daily ba- and old computing was simple out of necessity. sis is the software, and “integrated” software is a relatively new idea. Survival of the thriftiest Back before big monolithic applications got dumped Have you ever played a survival video game? The kind in onto the unsuspecting public, software came in batches on which you must survive a zombie apocalypse by hoarding “shareware” diskettes and BBSes. If you wanted to create canned food and using rolling pins as weapons? Computers animation, you got software to help you draw images, used are a little like that. more software to string images into an animated sequence, . 88 Open Source Yearbook 2016 . Opensource.com used other software to produce sound effects, and finally Midnight Commander (invoked as mc) is a DOS-style utility used software to combine the sound and the image. that provides a split-pane file manager in your terminal. It’s There was freedom in that, both for your computer, which primarily keyboard-driven, although being written with the didn’t need to be capable of running that one big app that tried “ncurses” toolkit, it can also receive mouse-clicks. to do everything, as well as for yourself because it was up to The interface is wonderfully intuitive. All you need to know you which applications you strung together to get the job done. is that it’s a file manager, and from there you can quickly learn it. Contextual commands are listed at the bottom of the Diving in window, each being assigned to a Function Key and a full One way to compute like it’s 1989 is to go and get a Rasp- menu (a “pull down” accessed with F9) is always available at berry Pi or a PocketCHIP and dive in to the wonderful world the top of the window. of low-powered living. The good news is that running Linux Personal customization notwithstanding, there are always today is surprisingly similar to running UNIX or Linux in the two panels in Midnight Commander, and you switch between ‘90s. The bulk of the commands you know and love are them with the Tab key. All the usual file operations are either there, and many of the applications and the general sensibil- a menu selection or a keypress away. It’s intuitive enough ity have endured. that you can poke at it for a few minutes and fall into using Most everything you do on your computer now can be it without introduction, and yet so efficient in design that you done in a terminal, which obviously is the lightest of light- can quickly become a power user and control it with emacs- weight interfaces. like key combos. It is, for all intents and purposes, a “desk- top” for an MS- or Pro-DOS experience. File management The old style of file management was far more direct than Networking modern interfaces allow. Modern computers have automag- To a lot of people, the Internet and the “www” subdomain are ical file handling, according to a mimetype database. Mi- one and the same. What many people don’t realize is that metypes are useful when your main interaction with a file is the “www” subdomain is really just the “World Wide Web” pointing at it and double-clicking to open, but that becomes part of the larger Internet and generally it’s the part that largely irrelevant when you yourself are making the call serves content over HTTP(S). about which application to use. It might surprise you to learn What was called “Web 2.0” is a lot heavier than the Inter- how much faith we tend to put in auto-detection now. For net of old. With all the background videos, JavaScript pop-up instance, who knew you could run a valid text edit command requests for your email address, pleas for you to disable your with sed on a dynamic library or that you can see metadata ad-blocker, alerts about cookies, warnings that your browser in a sound file withless ? When you stop relying on pre-pro- is out of date, and everything else the modern web tries to grammed decisions, then that is when you end up learning throw into your browser, visiting the “www” in a non-main- something new. stream browser is almost impossible. Luckily, there’s a lot Most modern Linux users have at least heard of file man- more happening on the Internet than just social media and agement commands such as cp and mv, and that’s an entire- comment wars. ly valid and certainly the most efficient way to manage files. Web browsers have conditioned most of us to view the It’s not the only option, though. If you yearn for that happy web as a place in which you go and “hang out.” You sit and medium between constructing valid BASH commands and idle; you go to it, but never bring it home. This, of course, the intuitiveness of graphical interfaces, then look to GNU isn’t strictly true—you’re downloading bits to a temporary Midnight Commander [3]. cache, but that’s all abstracted from you by the browser. You can still visit the modern web whilst living a digital retro life- Figure 1: Midnight Commander style, but it’s less about loitering and more about getting stuff done. The earliest Linux distributions shipped with Lynx and ELinks, which provide the typical HTTP experience modern web users are used to, but there were and are many other ways to interact with the Internet:

Atom and RSS The advantages of these is that they are a “push” model instead of a “pull.” You don’t have to go out and check a website to see whether there are updated news items. The software sends you an alert instead. Much of my daily web browsing is taken care of with one look at newsbeuter [4] or Mashpodder [5]. Once you start using RSS and Atom, you . Open Source Yearbook 2016 . Opensource.com 89 OLD SCHOOL......

might just find that the sheen of HTTP is a lot duller than it Figure 2: Floodgap Public Gopher Proxy seemed before. Of the two, newsbeuter is the easiest to configure and use. Install it from your distribution’s repository, and then launch it once to force it to instantiate its configuration file. Once that’s done, you have only to edit your ~/.newsbeuter/urls file; a simple line-delimited list of feeds you want to check. A sample from my current urls file:

$ head ~/.newsbeuter/urls https://opensource.com/feed http://slackware-changelog.oprod.net/atom_feed/ http://fedoraplanet.org/rss20.xml https://planetkde.org/rss20.xml Email http://planet.qt.io/rss20.xml Of course there’s always email, the original social network. http://planetpython.org/rss20.xml Too many people these days fall back on Gmail and other https://www.linux.com/feeds/rss providers that use over-complex web interfaces that cease http://gnuworldorder.info/ogg.atom.xml to function at even the slightest variation of browser vendor http://monsterjavaguns.com/podcast/feed or version. There is a better way, and that is Mutt [8]. It’s a http://twodeeten.blogspot.com/feeds/posts/default lightweight, simple, efficient, and effective email client with more customized config files than you could ever need. Bet- Wget, curl, fetch ter yet, it has next-to-transparent PGP integration, so you Regardless of the UNIX you’re running, you have available can start encrypting those emails from end to end. some command to access the network and fetch a file. It’s browsing the web without the browsing, and it’s sublime. Un- Your-Protocol-Here fortunately, many modern sites obfuscate where the actual Don’t forget Usenet, Tor, GNUnet, and more. There are too content is (if you’re using wget or similar, then you’re not many ways to access the worldwide network to list. If you clicking on their ads), but for the practical websites out there, look, you’ll find all kinds of interesting lightweight technolo- a quick download command is liberating and efficient. gies lying around out there.

Git Graphics without X Git itself is great, but another good thing about git’s popu- On some devices, an X server just isn’t practical—sure, it larity is that people have actually started hosting blogs and might be possible, but you just know it’s eating up a lot of other content in git repositories, which means you can easily precious RAM. You might run a lightweight desktop, but grab that content using just a UNIX shell. you’ll still inherit the overhead of running X in the first place. Mostly, when computing the Old Way, you don’t need much SSH by way of a graphical interface. A GUI just clutters things up, Thriving community servers are out there that are open to gets your hands away from the keyboard where they belong, new users, and you can also build your own. You can find and is painfully inefficient. If ever you’re going to wish for a a list of free shell accounts [6], and now that you can get graphical display, it will be when you’re online or checking a computer for $35, setting up your own is one install and email. People love graphics on the Internet, and people love port forward away, even if only as an experiment to see how embedding images into email. many friends you can get to join you. Don’t startx yet. What if I told you that you don’t need to run X to display graphics on your screen? Thanks to the Gopher Linux framebuffer device, /dev/fb0, you can do just that. There’s an unusual amount of nostalgia out there for the There are a few different utilities to draw images straight to Gopher protocol. It’s not the greatest system ever invented your screen without a graphic server. These don’t work over (Gopher servers sometimes have trouble parsing Gopher’s remote or emulated connections (SSH, screen, tmux), but markup), but it does underscore one point that much of the as long as you’re sitting at the physical computer you’re us- web seems to have forgotten: It’s all about the content, not ing, you can direct all kinds of output straight to the physical the ads. When your site is serving lists of text and binary screen attached to it. files, you inherit an objectivity that just gets lost in modern To view images, there’s fbi (framebuffer image viewing) sites. The Lynx browser still recognizes Gopher, so start your and its successor, fim (Fbi IMproved). Both essentially do journey with it [7]. the same thing. Point it at a bitmap file and it’ll paint the . 90 Open Source Yearbook 2016 . Opensource.com picture on your display, abruptly, without fanfare or apology. system was and is to empower users to take small com- You can use various controls; you can zoom, pan, or step mands and string them together to accomplish complex through a slideshow. It’s easy and immediate, and it’s ex- tasks. The individual’s workflows were meant to be unique actly what you need. and infinitely extensible. You can even play video without X, believe it or not. You Beyond the mimicry of old computer interfaces and the need to make sure your username is a member of the “video” rejection of modern network chatter is the enduring principle and “audio” groups (this is usually a default on even the bare- that computerists should be eager to find new tools, useful bones Linux distributions), and then: programs, and exciting ways to piece things together to ac- complish tasks and to make life better for everyone. In other $ mplayer -vo fbdev my_movie.mp4 words, put the “you” in UNIX.

Understand, this isn’t a gimmicky “convert your images to ASCII” scenario—these tools actually display the imag- Resources es and video on your screen without a GUI. Depending on [1] https://getchip.com/pages/pocketchip which shell you’re using, painting pixels this way can con- [2] https://github.com/dnschneid/crouton fuse your input. If your shell starts to act funny after using [3] https://www.midnight-commander.org/ fbdev, use the reset command and everything ought to re- [4] http://newsbeuter.org/ turn to normal. [5] https://github.com/hirozed/mashpodder [6] http://shells.red-pill.eu The “you” in UNIX [7] http://gopher.floodgap.com/gopher/ UNIX training and training videos [9] produced in the 1980s [8] http://mutt.org made it abundantly clear that the intent of the operating [9] https://archive.org/details/UNIX1985

. Open Source Yearbook 2016 . Opensource.com 91 OLD SCHOOL......

LinuxQuestions.org celebrates sweet 16 BY JEREMY GARCIA

November 2016 a welcome message, was IN MY Opensource. June 25, 2000. com column, The Queue [1], The initial LinuxQuestions. I answered a multi-part ques- org site consisted of a logo tion received via email: crudely designed by me, a forum, and a short-lived news Why did you start Linux- portal that was based on Questions.org [2]? And can Slash [5], which was the Perl- you tell us a little about the based code running Slashdot history of the site? at the time. Image by: Opensource.com. CC BY-SA 4.0 In the beginning, Linux- The answer Questions.org was basically just me answering questions Computers, programming, and technology in general have posted by other members. I figured someday the site would always fascinated me. When I was in high school, I started grow to maybe a few hundred people, so to say it has grown working for a local ISP that used UNIX almost exclusively. far beyond my initial expectations is a monumental under- The “UNIX way” just clicked and made a lot of sense to me. statement. I still fondly remember the first time a member I It wasn’t long before I wanted to run something similar at didn’t personally know answered a question. Today we have home. The ISP used SCO, which is fairly ironic in retrospect, more than 500,000 members and millions of posts. so home use really wasn’t possible due to the high cost and licensing restrictions of the product. Searching for an alter- History highlights native quickly lead me to Linux. As for the history and progression of the site, so much comes I purchased The Linux Bible [3] from a local bookstore, to mind that it’s difficult to pick just a few moments, but here so my first distribution was Yggdrasil [4]. Although the last are highlights: official release of Yggdrasil was in 1995, it was a popular option early on and ended up being the first Linux distribution Moderators available as a live CD. I’ve used Linux as my main operating A year in, we added our first moderator, which was a big system ever since. I like to tinker and understand how things step in growing the site and I remember being fairly nervous work, so the fact that I could get an operating system that about it working out. We now have a team of more than 20 allowed me not only to see how things worked, but also to moderators who are spread out around the world. They’re modify how things worked, enthralled me. responsible for everything from cleaning up spam, to en- Fast forward to 2000, and I had just started my first forcing the community guidelines, to ensuring new members job that was dedicated solely to work- feel welcome. The amount of dedication ing with Linux. I had been using Linux Figure 1: LinuxQuestions.org original logo and hard work they put into LinuxQues- for a while at this point and wanted to tions.org is truly remarkable, and we give something back to a community quite simply would not be the friendly, that I felt had given me quite a bit. welcoming, vibrant place we are today The first post on LinuxQuestions.org, without this group. . 92 Open Source Yearbook 2016 . Opensource.com Members Choice Awards Podcast launches On a bit of a whim, I started the Members Choice Awards a In 2004 we launched a podcast and it really changed how mem- year later, and it’s been fun to watch them grow as an annual bers interacted with the site. Although we no longer produce the event from there. The MCAs allow the community to vote LQ Podcast [9] or LQ Radio [10], the archives are still available on their favorite projects/products in a variety of categories, and it’s something I consider reviving from time to time. some of which change each year. Many projects really get into it, and it’s nice to be able to not only recognize the win- Membership milestones ners, but also gain additional exposure for great open source The 100,000th member, 1-millionth thread, and 5-mil- projects in the process. lionth post milestones all stick out as memorable. There were 11 categories the first year, and winners in- The numbers involved are so far beyond my initial cluded Red Hat Linux, KDE, Enlightenment, Quake III, expectations that it’s difficult to articulate. We even had a StarOffice, and MySQL. contest in which the member who guessed the correct date In 2015, we had 35 categories and winners in the same and time the 100,000th member would register won a gratis categories were Linux Mint, KDE (GNOME has won during LinuxQuestions.org shirt. The correct answer ended up be- the interim), Openbox, 0 A.D., LibreOffice, and MariaDB. ing March 13, 2004 between 7-8pm EST. (Voting for the 16th Members Choice Awards will open soon. Follow us on Twitter @linuxquestions [6] to be notified when Community the polls open.) With all that said, I think the best part about LinuxQuestions. org for me is hearing members say how much they enjoy par- Linux distributions forum ticipating, or getting a message from someone saying they’d In 2002, the first distribution started officially participating. have given up on Linux if the site and community didn’t exist. Although Linux From Scratch [7] led the way, we now have In the end, it’s really about community. The open source more than 30 distributions in our official Distributions Forum world is full of smart, energetic, talented, people, and I’m [8] program, and all distributions are welcome. If you’re as- absolutely a better person for having been exposed to it. I’ve sociated with a distribution that would like to participate, con- also made quite a few good friends along the way. tact us for more information; there is no cost and the require- Although running such a large community can be chal- ments are minimal. I think having participation from such a lenging at times, it’s extremely rewarding and I’m both hon- diverse group of people helps create the unique atmosphere ored and humbled that so many people have chosen to take we have. time out of their lives to participate and have allowed us to be part of the Linux ecosystem for so long. We’ll continue to First conference booth attempt to improve each and every day, so if you have any We got a chance to exhibit at LinuxWorld in New York a few feedback for us, please let me know. years in, and the feedback we got was really energizing. For those who don’t remember LinuxWorld, it was one of Resources the first large events focused on Linux and Open Source, [1] https://opensource.com/tags/queue-column with attendance topping 20,000 at its peak. We had mod- [2] http://www.linuxquestions.org/ erators fly in from multiple countries, and people from all [3] http://www.wiley.com/WileyCDA/WileyTitle/​ over the world visited our booth to tell us how much they productCd-1118999878.html liked the site and how much it had helped them, or who [4] https://en.wikipedia.org/wiki/Yggdrasil_Linux/GNU/X just stopped by to say hello because they wanted to meet [5] http://www .slashcode.com/www.slashcode.com/ us. Linus Torvalds even stopped by each booth in the .org [6] https://twitter.com/linuxquestions Pavilion. It was a humbling experience, and one that has [7] http://linuxfromscratch.org/ happened many times since. If you’d have told me when I [8] http://www.linuxquestions.org/questions/linux-distributions-5/ founded the site that I’d have experiences such as that one, [9] http://radio.linuxquestions.org/linux/lq-podcasts I’d certainly not have believed you. [10] http://radio.linuxquestions.org/linux/lq-radio

. Open Source Yearbook 2016 . Opensource.com 93 OPENSOURCE.COM......

...... EDITORIAL CALENDAR ...... Would you like to write for us? Our editorial calendar includes upcoming themes, community columns, and topic suggestions: https://opensource.com/calendar

Happy Pi Day! To celebrate Pi Day, we're rounding up a series on the Raspberry Pi. What projects have you created? What solutions to common problems have you found? What do you do with your Raspberry Pi?

Containers How are you or your organization using Linux containers to get work done, to push innovation forward, and to find new solutions to technical problems?

Open Hardware and DIY Show off your tutorials and demos of hardware in the wild, and tell us about projects you work on and how you use open hardware. Let's see those DIY projects that automate your appliances and up your geek fashion cred.

Entertainment and Geek Culture We're looking for geek culture stories and articles about how open source tools, projects, and communities keep us entertained.

Back to School Which open source tools are helpful for the classroom? How are open source technologies being used or taught in your schools? We're always excited to hear how open source is improving education, so send us your stories.

Programming Show off your scripts, tips for getting started, tricks for developers, and tutorials, and tell us about your favorite programming languages and communities.

Supercomputing We want to hear about your high-performance computing projects and big data discoveries. Send us your stories!

Email story proposals to [email protected]

. 94 Open Source Yearbook 2016 . Opensource.com